PHP Internals: Exploit Dev Edition

This talk will give a tour about PHP Internals. It’ll take the audience on a journey from the design behind a custom PHP fuzzer, to the internals of PHP’s Zend Engine. I’ll talk about PHP 7’s new memory manager and how its heap can be exploited It will also cover some of the changes in PHP 7 Internals and what that means from an exploit dev perspective. A sample of interesting and unusual PHP bugs that I had discovered will also be presented.