January: "Building Viruses in PHP" with Brad Mostert

Welcome back!

We are hitting the ground running in 2020 with our first meetup of the year on Thursday 16 January. This time we are venturing into something fresh and interesting with our very own Brad Mostert presenting on “Building Viruses in PHP”.

He describes this talk as follows:

The common saying goes “You have to think like a crook to catch a crook”, so lets put ourselves in our adversary’s shoes. We are going to (theoretically) infect the well-crafted code of the PHP Joburg Meetup group. What are we after and how will we do it?

In this presentation I’ll first build a simple threat model of the kind of attacker and virus most commonly targeting our web applications. Then I’ll use our favourite programing language to build said virus in a series of demos. In the (paraphrased) words of Thanos: “I’ll use the PHP to destroy the PHP” ;-)

Through this we’ll cover how, despite rigorously coding with sane security measures, our code may still get infected, but by glimpsing the mindset of our adversary, you’ll leave with a fresh perspective that will improve the security of the code you write going forward. At the very least, you’ll be better armed to fix the next pwned CMS you encounter.

Brad is a long-time member (now organizer) of the PHP Joburg Meetup. By day he’s a senior developer (and part-time server shepherd) at Afrihost. He also has an academic background in botnets and over a decade of experience in getting his own servers pwned on the internet. He likes craft beer and long walks on the beach.

Networking is an important part of our meetup. We welcome you to come spend time in our community after the presentation. Once again this month there will be pizza, internet, beer and soft drinks! Lee will also be doing his IoT thing again so remember to bring a charged cellphone and get in touch if you are interested in getting involved.

See you on Thursday!

You can reach us on:

• @joburgphp (twitter)
• @bsinkwa (twitter)