Welcome back!
We are hitting the ground running in 2020 with our first meetup of the year on Thursday 16 January. This time we are venturing into something fresh and interesting with our very own Brad Mostert presenting on “Building Viruses in PHP”.
He describes this talk as follows:
The common saying goes “You have to think like a crook to catch a crook”, so let’s put ourselves in our adversary’s shoes. We are going to (theoretically) infect the well-crafted code of the PHP Joburg Meetup group. What are we after and how will we do it?
In this presentation I’ll first build a simple threat model of the kind of attacker and virus most commonly targeting our web applications. Then I’ll use our favourite programming language to build said virus in a series of demos. In the (paraphrased) words of Thanos: “I’ll use the PHP to destroy the PHP” ;-)
Through this we’ll cover how, despite rigorously coding with sane security measures, our code may still get infected, but by glimpsing the mindset of our adversary, you’ll leave with a fresh perspective that will improve the security of the code you write going forward. At the very least, you’ll be better armed to fix the next pwned CMS you encounter.