PHP Internals: Exploit Dev Edition

March 22, 2017 (at 6 p.m.) in Defense and Management

This talk will give a tour about PHP Internals. It'll take the audience on a journey from the design behind a custom PHP fuzzer, to the internals of PHP's Zend Engine. I'll talk about PHP 7's new memory manager and how its heap can be exploited It will also cover some of the changes in PHP 7 Internals and what that means from an exploit dev perspective. A sample of interesting and unusual PHP bugs that I had discovered will also be presented.

Emmanuel Law

Emmanuel Law (@libnex) is a Principal Security Consultant from Aura Information Security. He works as a penetration tester during the day. By night he can be found fuzzing and exploiting binaries. Recently he has a new found hobby in hacking away at PHP internals. He has presented at conferences such as Ruxcon, Kiwicon, OWASP NZ and others.