Code Obfuscation, PHP Shells & More: What hackers do once they get passed your code


Comments are closed.

Decent overview of file upload vulnerabilities and how they can be prevented. Maybe a bit too much time was spent on the obfuscation (since it was mainly the same technique explained multiple times)

interesting,but indeed as stated in the previous comment, a lot of the same

Anonymous at 08:05 on 25 Jan 2014

Great talk, rich in info and lively

Got some good information during the talk. The concepts were told repeatedly, which could be improved to make the talk more interesting.

Another improvement could be the practical side of being hacked. With such amount of expertise, why not demo the steps how to find the malicious files and cleanup the application/server?

Good talk! Gave a good idea on how most hacks are done.
I was missing some references to OWASP and a overview of other ways you could get hacked

Nice set of examples of real life hacks. There are some good lessons to learn with nice pointers on how to clean up after a hack.

Great talk, one of the few I stayed awake in. There were quite a few good tips on how to clean up after or going about finding the hack.

Nice talk. Despite it being a beginner level session, it was quite informative. Personally I would've liked a bit more depth in the recognition part.

A good talk, it made me think about the security of our applications. It was a bit much on the file upload vulnerabilities, there aren't other ways to break in?

I would love to hear more on how to recover from attacks as the ones described. Stuff for a workshop next time?

Interesting but a bit too much repetitions.

Anonymous at 09:45 on 27 Jan 2014

Could not attend due to attending another session occurring in parallel. Will you be uploading the slides?

I'm with Tim and Johan. I expected a talk from the perspective of a hacker. Perhaps an idea for the next time: the way hackers think, which common tricks they try, perhaps with some real-life references?

Interesting talk, but as already mentioned too much repetition.

Very interesting subject with clear examples.
Maybe a live demo should be nice!

Interesting to see some of the techniques used by attackers. I liked the techniques mentioned for cleaning up the mess.