SlideShare a Scribd company logo

$kernel->infect(): Creating a cryptovirus for Symfony2 apps

Raul Fraile
Raul Fraile

This document discusses creating a cryptovirus for Symfony applications as a proof of concept. It explains how a cryptovirus could work by getting a public key from a hacker server to encrypt data in the infected app, then paying to get the private key to decrypt the data. It covers relevant cryptography concepts like public key cryptography and OpenSSL. It also discusses techniques for hiding the virus from antivirus software like polymorphic code, gzip/base64 encoding, and checking file integrity with hash functions.

TechnologyEducation
1 of 58
Download to read offline
MALICIOUS CRYPTOGRAPHY IN SYMFONY APPS Raul Fraile
WHO AM I? • PHP/Symfony2 developer at • PHP 5.3 Zend Certified Engineer • Symfony Certified Developer • BS in Computer Science. Ms(Res) student in Computing Technologies. • Open source: Distill, LadybugPHP
https://leanpub.com/symfony-selfstudy
• Cryptovirology studies how to use cryptography to design malicious software. • Closely related to ransomware and private information retrieval. • A fundamental twist in cryptography. CRYPTOVIROLOGY
CREATING OUR OWN CRYPTOVIRUS …for fun and profit!
• This is not a real virus, just a proof of concept. • I chose Symfony just because is my favourite framework. It can be applied to any other PHP framework. • We assume that the virus is already in the target computer. • NOT AN EXPERT
#1 Get public key from the hacker server GET public_key Hacker serverApp server OUR CRYPTOVIRUS
#2 Infect the Symfony 2.x app app[_dev].php bootstrap.php.cache Kernel events OUR CRYPTOVIRUS
#3 Use the public key to encrypt data app[_dev].php bootstrap.php.cache Kernel events Database User uploads Logs … OUR CRYPTOVIRUS
#4 Pay to get the private key to decrypt data GET private_key Hacker serverApp server OUR CRYPTOVIRUS
#3 (b) Intercept user/passwords and save them encrypted app[_dev].php bootstrap.php.cache Kernel events raul Submit User *****Password OUR CRYPTOVIRUS
#4 (b) Get user/password pairs using a backdoor GET users Hacker serverApp server OUR CRYPTOVIRUS
PUBLIC KEY CRYPTOGRAPHY
• Public key (asymmetric) cryptography requires two different keys: public and private. • Based on one-way functions (trapdoors), which are easy to compute in one direction, but believed to be difficult to find its inverse. • Most used one-way functions: integer factorization, discrete logarithm and elliptic curves. PUBLIC KEY CRYPTOGRAPHY
WANT SEND image.jpg Alice A A Bob B B B image.jpg 101101001011001 PUBLIC KEY CRYPTOGRAPHY
p = 115307171677547 q = 190761112638809 n = p * q = 21996124364443030184426121523 Having p and q, calculate n Having n, calculate p and q Multiplication Factorization SlowFast not in Polinomial time n = 21996124364443030184426121523 = p * q = … = 115307171677547 * 190761112638809 PUBLIC KEY CRYPTOGRAPHY
• Open Source toolkit for SSL/TLS, as well as a full-strength general purpose cryptography library. • PHP extension: php-openssl. OPENSSL
$config = array( "digest_alg" => "sha512", "private_key_bits" => 4096, "private_key_type" => OPENSSL_KEYTYPE_RSA, ); // Create the private and public key $resource = openssl_pkey_new($config); // Extract the private key openssl_pkey_export($resource, $privKey); // Extract the public key $pubKey = openssl_pkey_get_details($res); $pubKey = $pubKey[“key"]; PHP + OPENSSL
-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5gclOxvP9AyrUkk01b+b aa3TQSclpol0B/2bU8e54DfJkCermqN8aHQFhscWtDQeQjZMBMa3LPjql/QW0cgw knXrG0Ns+pk8960v8y1TBUK/AeOTfYJJ00A4Od6g7fA5oMOeI8IMaCD1eSJC5Fzi bhVUygxMzc4ctqqvnJGDd7BPKo8Dg8pFHPnNF6hj7rb/JogWq9qiKZEXFRwMnJSg … -----END PUBLIC KEY----- -----BEGIN PRIVATE KEY----- MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDmByU7G8/0DKtS STTVv5tprdNBJyWmiXQH/ZtTx7ngN8mQJ6uao3xodAWGxxa0NB5CNkwExrcs+OqX 9BbRyDCSdesbQ2z6mTz3rS/zLVMFQr8B45N9gknTQDg53qDt8Dmgw54jwgxoIPV5 IkLkXOJuFVTKDEzNzhy2qq+ckYN3sE8qjwODykUc+c0XqGPutv8miBar2qIpkRcV HAyclKCPdhrW9OZiWX7IbhM95BwNJ3JZtPhWNA42IBlwv1tPMbiKnRcLC0FEL0qK Iv7z1uPMaCYo+HioCcECUXj6b2nuDbdNIpXHQr98fC+vjxJWmd6zfcXG98h0eBrp nbXU9SvNdX1fzHmDRrAl+NselZK5SHgyYY5aUb4gyyxQ+dVCWTaZQ1MmYZxiu4g4 a20tJHHYqkFV7ogS8u+Kfq4h/SlJ2wHeEhE4An1hXlEJXIZpK/z0+quScgKiqx9t oBhkG44f4KIVfpqg9RKgrg9yFaavFjWJSIbXh+ciuLDDI/150as5pFKAtENuVXjS xmrbpbbxeamKHNSD6O+wFbOaOw/r4NEWd1/p0AZ+qBRNl4fgCMCxRWDui6txjKGK oiFVf6Brf3xg/69KoCTS3svJ4Kmm0TB8tloXKRW/qXhFkQJpn12wCwuazPE98nep xApa2zTc7xcLt4ISJYHNCRX+n3puFwIDAQABAoICAB/K6QhsZaeTgLJUz+qjGvXW … -----END PRIVATE KEY----- PHP + OPENSSL
$data = “Creating a cryptovirus for Symfony2 apps”; // Encrypt the data openssl_public_encrypt($data, $encrypted, $pubKey); // Decrypt the encrypted data openssl_private_decrypt($encrypted, $decrypted, $privKey); PHP + OPENSSL
SYMFONY INTERNALS
kernel.request Request Response kernel.controller kernel.view kernel.response kernel.terminate kernel.exception KERNEL EVENTS
• kernel.request is dispatched as soon as the request arrives. Listeners can return a Response and “end” the execution. • kernel.controller is dispatched once the controller has been resolved. Listeners can manipulate the Controller callable. KERNEL EVENTS
• kernel.view is dispatched only if the Controller does not return a Response object. • kernel.response allows to modify or replace the Response object after its creation. KERNEL EVENTS
• kernel.exception is dispatched if there is an uncaught exception. Last chance to convert an Exception object into a Response object. • kernel.terminate is dispatched once the response has been sent. Allows to run expensive post-response jobs. KERNEL EVENTS
• The bootstrap.php.cache file is created to improve performance, reducing IO operations and autoload lookups. • Just a copy&paste of common classes and interfaces that will be used for sure. BOOTSTRAP FILE
{ "name": "symfony/framework-standard-edition", "scripts": { "post-install-cmd": [ ..., “SensioBundleDistributionBundleComposer ScriptHandler::buildBootstrap", ... ], "post-update-cmd": [ ..., “SensioBundleDistributionBundleComposer ScriptHandler::buildBootstrap", ... ] } } BOOTSTRAP FILE
HIDING THE VIRUS
• Virus definitions. Antivirus software scans files to find matches. Useful for known malware (up-to-date antivirus). • Heuristics allow antivirus software to identify new or modified malware, even without virus definition files. Based on system calls, network packets, kernel events… ANTIVIRUS
unlink(__FILE__); REMOVING ITSELF
$originalCode = "phpinfo();"; // encode with base65 n times $encoded = $originalCode; $times = 5; for ($i=0; $i<$times;$i++) { $encoded = base64_encode($encoded); } // generate hidden code $code = sprintf('eval(%s"%s"%s);', str_repeat('base64_decode(', $times), $encoded, str_repeat(')', $times) ); $code = gzdeflate($code); var_dump($code); // K-K??HJ,N53... GZIP + BASE64
eval(gzinflate($code)); GZIP + BASE64
• Polymorphic code is code that uses a polymorphic engine to mutate while keeping the original algorithm intact. • Makes it difficult for antivirus software to recognise the code as it constantly changes. • Emulation (sandbox) may be used. POLYMORPHIC CODE
echo 'Hello world!'; echo 'Hello' . ' ' . 'world!'; printf('Hello world!'); file_put_contents('php://stdout', 'Hello world!'); printf('%c%c%c%c%c%c%c%c%c%c%c%c', 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64, 0x21 ); POLYMORPHIC CODE
All of them print “Hello world!”, but using different code which generate different AST/opcodes. POLYMORPHIC CODE
Op Operands 1 ECHO Hello+world%21' 2 CONCAT Hello', '+' CONCAT ~0, 'world%21' ECHO ~1 3 SEND_VAL Hello+world%21' DO_FCALL printf' 4 SEND_VAL php%3A%2F%2Fstdout' SEND_VAL Hello+world%21' DO_FCALL file_put_contents' 5 SEND_VAL %25c%25c%25c…%25c%25c’ SEND_VAL 72 SEND_VAL …101, 108, 108, 111, 32, 119, 111, 114, 108, 100, 33 DO_FCALL printf' POLYMORPHIC CODE
• The goal would be to create a polymorphic engine that generates different code in each infection randomly. • Really difficult to get random numbers in computers, as they can be predictable. POLYMORPHIC CODE
rand() mt_rand() RANDOM NUMBERS
• Computational methods are not considered true random number generators. In practice, they are sufficient for most tasks. • Physical methods use physical phenomenon expected to be random. For example, atmospheric noise (random.org), radioactive decay, radio noise or even a coin flipping. RANDOM NUMBERS
PROTECTING US
PROTECTING US
• Before the infection: security measures, restrictive permissions, disable php- openssl if we don’t need it, allow_url_fopen, read-only code… • Once the app has been infected, we want to know it as soon as possible, checking its integrity. PROTECTING US
Hash functions create a fixed-length digest from data of arbitrary length. Easy to compute. Infeasible to generate a message that has a given hash. Infeasible to modify a message without changing the hash. Infeasible to find two different messages with the same hash. HASH FUNCTIONS
Tiny changes in source generate (with high probability) big changes in the digest. HASH FUNCTIONS
• md5() is not collision resistant. It is possible to create two files that share the same checksum. • We can include the checksum of the whole project in the build process and check it regularly. HASH FUNCTIONS
use SymfonyComponentFinderFinder; $finder = new Finder(); $finder->in(__DIR__ . ‘/project') ->files() ->name('*.php'); $hashes = ''; foreach ($finder as $file) { $hashes .= sha1($file->getContents()); } // hash of the whole project $hash = sha1($hashes); HASH FUNCTIONS
HASH FUNCTIONS
• The PHAR extension provides a way to put entire PHP applications into a single file. • Equivalent to Java JAR files. • PHAR files can contain a signature (checksum) of the included files. PHAR SIGNATURES
Stub Manifest File contents Signature Actual contents of the files Describes the contents of the files: filename, size, timestamp, CRC32… Phar Signature in MD5, SHA1, SHA256 or SHA512 __HALT_COMPILER(); Usually contains loader functionality PHAR SIGNATURES
23 21 2f 75 73 72 2f 62 69 6e 2f 65 6e 76 20 70 |#!/usr/bin/env p| 68 70 0a 3c 3f 70 68 70 0a 0a 50 68 61 72 3a 3a |hp.<?php..Phar::| 6d 61 70 50 68 61 72 28 27 74 65 73 74 2e 70 68 |mapPhar('test.ph| 61 72 27 29 3b 0a 65 63 68 6f 20 27 68 65 6c 6c |ar');.echo 'hell| 6f 20 77 6f 72 6c 64 21 27 3b 0a 0a 5f 5f 48 41 |o world!';..__HA| 4c 54 5f 43 4f 4d 50 49 4c 45 52 28 29 3b 20 3f |LT_COMPILER(); ?| 3e 0d 0a 33 00 00 00 01 00 00 00 11 00 00 00 01 |>..3............| 00 00 00 00 00 00 00 00 00 05 00 00 00 31 2e 74 |.............1.t| 78 74 10 00 00 00 d2 1e 50 53 10 00 00 00 26 fb |xt......PS....&.| a7 61 b6 01 00 00 00 00 00 00 53 6f 6d 65 20 72 |.a........Some r| 61 6e 64 6f 6d 20 74 65 78 74 23 b5 11 ce 2c 41 |andom text#...,A| e0 d4 3a db 21 ee cc ec c2 8c f6 3f 93 e2 02 00 |..:.!……?....| 00 00 47 42 4d 42 |..GBMB| Stub Manifest File contents Signature Signature flags Magic GBMB PHAR SIGNATURES
23 21 2f 75 73 72 2f 62 69 6e 2f 65 6e 76 20 70 |#!/usr/bin/env p| 68 70 0a 3c 3f 70 68 70 0a 0a 50 68 61 72 3a 3a |hp.<?php..Phar::| 6d 61 70 50 68 61 72 28 27 74 65 73 74 2e 70 68 |mapPhar('test.ph| 61 72 27 29 3b 0a 65 63 68 6f 20 27 68 65 6c 6c |ar');.echo 'hell| 6f 20 74 68 65 72 65 21 27 3b 0a 0a 5f 5f 48 41 |o there!';..__HA| 4c 54 5f 43 4f 4d 50 49 4c 45 52 28 29 3b 20 3f |LT_COMPILER(); ?| 3e 0d 0a 33 00 00 00 01 00 00 00 11 00 00 00 01 |>..3............| 00 00 00 00 00 00 00 00 00 05 00 00 00 31 2e 74 |.............1.t| 78 74 10 00 00 00 d2 1e 50 53 10 00 00 00 26 fb |xt......PS....&.| a7 61 b6 01 00 00 00 00 00 00 53 6f 6d 65 20 72 |.a........Some r| 61 6e 64 6f 6d 20 74 65 78 74 23 b5 11 ce 2c 41 |andom text#...,A| e0 d4 3a db 21 ee cc ec c2 8c f6 3f 93 e2 02 00 |..:.!……?....| 00 00 47 42 4d 42 |..GBMB| PharException: phar "test.phar" has a broken signature in /home/raul/test.phar on line 4 PHAR SIGNATURES
23 21 2f 75 73 72 2f 62 69 6e 2f 65 6e 76 20 70 |#!/usr/bin/env p| 68 70 0a 3c 3f 70 68 70 0a 0a 50 68 61 72 3a 3a |hp.<?php..Phar::| 6d 61 70 50 68 61 72 28 27 74 65 73 74 2e 70 68 |mapPhar('test.ph| 61 72 27 29 3b 0a 65 63 68 6f 20 27 68 65 6c 6c |ar');.echo 'hell| 6f 20 74 68 65 72 65 21 27 3b 0a 0a 5f 5f 48 41 |o there!';..__HA| 4c 54 5f 43 4f 4d 50 49 4c 45 52 28 29 3b 20 3f |LT_COMPILER(); ?| 3e 0d 0a 33 00 00 00 01 00 00 00 11 00 00 00 00 |>..3............| 00 00 00 00 00 00 00 00 00 05 00 00 00 31 2e 74 |.............1.t| 78 74 10 00 00 00 d2 1e 50 53 10 00 00 00 26 fb |xt......PS....&.| a7 61 b6 01 00 00 00 00 00 00 53 6f 6d 65 20 72 |.a........Some r| 61 6e 64 6f 6d 20 74 65 78 74 23 b5 11 ce 2c 41 |andom text#...,A| e0 d4 3a db 21 ee cc ec c2 8c f6 3f 93 e2 02 00 |..:.!……?....| 00 00 47 42 4d 42 |..GBMB| PharException: phar "test.phar" does not have a signature in /home/raul/test.phar on line 4 phar.require_hash = On PHAR SIGNATURES
DEMO
FURTHER READING
Malicious Cryptography. Exposing Cryptovirology
https://youtu.be/69mU6h1Sd2Q
slideshare.net/raulfraile/steganography-hiding-your-secrets-with-php
THANK YOU! https://github.com/raulfraile/cryptosymfony

Recommended

PHP5.5 is Here
PHP5.5 is HerePHP5.5 is Here
PHP5.5 is Herejulien pauli
 
Pycon - Python for ethical hackers
Pycon - Python for ethical hackers Pycon - Python for ethical hackers
Pycon - Python for ethical hackers Mohammad Reza Kamalifard
 
Cli the other SAPI confoo11
Cli the other SAPI confoo11Cli the other SAPI confoo11
Cli the other SAPI confoo11Combell NV
 
Cli the other sapi pbc11
Cli the other sapi pbc11Cli the other sapi pbc11
Cli the other sapi pbc11Combell NV
 
Lets make better scripts
Lets make better scriptsLets make better scripts
Lets make better scriptsMichael Boelen
 
On secure application of PHP wrappers
On secure application of PHP wrappersOn secure application of PHP wrappers
On secure application of PHP wrappersPositive Hack Days
 
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]RootedCON
 
Python for Penetration testers
Python for Penetration testersPython for Penetration testers
Python for Penetration testersChristian Martorella
 

Recommended

PHP5.5 is Here
PHP5.5 is HerePHP5.5 is Here
PHP5.5 is Herejulien pauli
 
Pycon - Python for ethical hackers
Pycon - Python for ethical hackers Pycon - Python for ethical hackers
Pycon - Python for ethical hackers Mohammad Reza Kamalifard
 
Cli the other SAPI confoo11
Cli the other SAPI confoo11Cli the other SAPI confoo11
Cli the other SAPI confoo11Combell NV
 
Cli the other sapi pbc11
Cli the other sapi pbc11Cli the other sapi pbc11
Cli the other sapi pbc11Combell NV
 
Lets make better scripts
Lets make better scriptsLets make better scripts
Lets make better scriptsMichael Boelen
 
On secure application of PHP wrappers
On secure application of PHP wrappersOn secure application of PHP wrappers
On secure application of PHP wrappersPositive Hack Days
 
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]
Sergi Álvarez & Roi Martín - Radare2 Preview [RootedCON 2010]RootedCON
 
Python for Penetration testers
Python for Penetration testersPython for Penetration testers
Python for Penetration testersChristian Martorella
 
Python build your security tools.pdf
Python build your security tools.pdfPython build your security tools.pdf
Python build your security tools.pdfTECHNOLOGY CONTROL CO.
 
CLI, the other SAPI phpnw11
CLI, the other SAPI phpnw11CLI, the other SAPI phpnw11
CLI, the other SAPI phpnw11Combell NV
 
Pycon Sec
Pycon SecPycon Sec
Pycon Secguesta762e4
 
PHP Tips for certification - OdW13
PHP Tips for certification - OdW13PHP Tips for certification - OdW13
PHP Tips for certification - OdW13julien pauli
 
PHP 7 – What changed internally? (PHP Barcelona 2015)
PHP 7 – What changed internally? (PHP Barcelona 2015)PHP 7 – What changed internally? (PHP Barcelona 2015)
PHP 7 – What changed internally? (PHP Barcelona 2015)Nikita Popov
 
Php in 2013 (Web-5 2013 conference)
Php in 2013 (Web-5 2013 conference)Php in 2013 (Web-5 2013 conference)
Php in 2013 (Web-5 2013 conference)julien pauli
 
PHP7 is coming
PHP7 is comingPHP7 is coming
PHP7 is comingjulien pauli
 
The Php Life Cycle
The Php Life CycleThe Php Life Cycle
The Php Life CycleXinchen Hui
 
Quick tour of PHP from inside
Quick tour of PHP from insideQuick tour of PHP from inside
Quick tour of PHP from insidejulien pauli
 
Codes
CodesCodes
CodesNarayan Loke
 
08 php-files
08 php-files08 php-files
08 php-fileshoangphuc2587
 
Relayd: a load balancer for OpenBSD
Relayd: a load balancer for OpenBSD Relayd: a load balancer for OpenBSD
Relayd: a load balancer for OpenBSD Giovanni Bechis
 
Understanding PHP objects
Understanding PHP objectsUnderstanding PHP objects
Understanding PHP objectsjulien pauli
 
LibreSSL, one year later
LibreSSL, one year laterLibreSSL, one year later
LibreSSL, one year laterGiovanni Bechis
 
Shell Script
Shell ScriptShell Script
Shell ScriptAdam Victor Brandizzi
 
Php security3895
Php security3895Php security3895
Php security3895PrinceGuru MS
 
extending-php
extending-phpextending-php
extending-phptutorialsruby
 
Symfony2 Authentication
Symfony2 AuthenticationSymfony2 Authentication
Symfony2 AuthenticationOFlorin
 
Building a Website to Scale to 100 Million Page Views Per Day and Beyond
Building a Website to Scale to 100 Million Page Views Per Day and Beyond Building a Website to Scale to 100 Million Page Views Per Day and Beyond
Building a Website to Scale to 100 Million Page Views Per Day and Beyond Trieu Nguyen
 
Cryptovirology - by Malathi
Cryptovirology - by MalathiCryptovirology - by Malathi
Cryptovirology - by MalathiSanthosh Sundar
 
Service approach for development REST API in Symfony2
Service approach for development REST API in Symfony2Service approach for development REST API in Symfony2
Service approach for development REST API in Symfony2Sumy PHP User Grpoup
 
Scaling Symfony2 apps with RabbitMQ - Symfony UK Meetup
Scaling Symfony2 apps with RabbitMQ - Symfony UK MeetupScaling Symfony2 apps with RabbitMQ - Symfony UK Meetup
Scaling Symfony2 apps with RabbitMQ - Symfony UK MeetupKacper Gunia
 

More Related Content

What's hot

CLI, the other SAPI phpnw11
CLI, the other SAPI phpnw11CLI, the other SAPI phpnw11
CLI, the other SAPI phpnw11Combell NV
 
PHP Tips for certification - OdW13
PHP Tips for certification - OdW13PHP Tips for certification - OdW13
PHP Tips for certification - OdW13julien pauli
 
PHP 7 – What changed internally? (PHP Barcelona 2015)
PHP 7 – What changed internally? (PHP Barcelona 2015)PHP 7 – What changed internally? (PHP Barcelona 2015)
PHP 7 – What changed internally? (PHP Barcelona 2015)Nikita Popov
 
Php in 2013 (Web-5 2013 conference)
Php in 2013 (Web-5 2013 conference)Php in 2013 (Web-5 2013 conference)
Php in 2013 (Web-5 2013 conference)julien pauli
 
The Php Life Cycle
The Php Life CycleThe Php Life Cycle
The Php Life CycleXinchen Hui
 
Quick tour of PHP from inside
Quick tour of PHP from insideQuick tour of PHP from inside
Quick tour of PHP from insidejulien pauli
 
Relayd: a load balancer for OpenBSD
Relayd: a load balancer for OpenBSD Relayd: a load balancer for OpenBSD
Relayd: a load balancer for OpenBSD Giovanni Bechis
 
Understanding PHP objects
Understanding PHP objectsUnderstanding PHP objects
Understanding PHP objectsjulien pauli
 
LibreSSL, one year later
LibreSSL, one year laterLibreSSL, one year later
LibreSSL, one year laterGiovanni Bechis
 

What's hot (17)

Python build your security tools.pdf
Python build your security tools.pdfPython build your security tools.pdf
Python build your security tools.pdf
 
CLI, the other SAPI phpnw11
CLI, the other SAPI phpnw11CLI, the other SAPI phpnw11
CLI, the other SAPI phpnw11
 
Pycon Sec
Pycon SecPycon Sec
Pycon Sec
 
PHP Tips for certification - OdW13
PHP Tips for certification - OdW13PHP Tips for certification - OdW13
PHP Tips for certification - OdW13
 
PHP 7 – What changed internally? (PHP Barcelona 2015)
PHP 7 – What changed internally? (PHP Barcelona 2015)PHP 7 – What changed internally? (PHP Barcelona 2015)
PHP 7 – What changed internally? (PHP Barcelona 2015)
 
Php in 2013 (Web-5 2013 conference)
Php in 2013 (Web-5 2013 conference)Php in 2013 (Web-5 2013 conference)
Php in 2013 (Web-5 2013 conference)
 
PHP7 is coming
PHP7 is comingPHP7 is coming
PHP7 is coming
 
The Php Life Cycle
The Php Life CycleThe Php Life Cycle
The Php Life Cycle
 
Quick tour of PHP from inside
Quick tour of PHP from insideQuick tour of PHP from inside
Quick tour of PHP from inside
 
Codes
CodesCodes
Codes
 
08 php-files
08 php-files08 php-files
08 php-files
 
Relayd: a load balancer for OpenBSD
Relayd: a load balancer for OpenBSD Relayd: a load balancer for OpenBSD
Relayd: a load balancer for OpenBSD
 
Understanding PHP objects
Understanding PHP objectsUnderstanding PHP objects
Understanding PHP objects
 
LibreSSL, one year later
LibreSSL, one year laterLibreSSL, one year later
LibreSSL, one year later
 
Shell Script
Shell ScriptShell Script
Shell Script
 
Php security3895
Php security3895Php security3895
Php security3895
 
extending-php
extending-phpextending-php
extending-php
 

Viewers also liked

Symfony2 Authentication
Symfony2 AuthenticationSymfony2 Authentication
Symfony2 AuthenticationOFlorin
 
Building a Website to Scale to 100 Million Page Views Per Day and Beyond
Building a Website to Scale to 100 Million Page Views Per Day and Beyond Building a Website to Scale to 100 Million Page Views Per Day and Beyond
Building a Website to Scale to 100 Million Page Views Per Day and Beyond Trieu Nguyen
 
Cryptovirology - by Malathi
Cryptovirology - by MalathiCryptovirology - by Malathi
Cryptovirology - by MalathiSanthosh Sundar
 
Service approach for development REST API in Symfony2
Service approach for development REST API in Symfony2Service approach for development REST API in Symfony2
Service approach for development REST API in Symfony2Sumy PHP User Grpoup
 
Scaling Symfony2 apps with RabbitMQ - Symfony UK Meetup
Scaling Symfony2 apps with RabbitMQ - Symfony UK MeetupScaling Symfony2 apps with RabbitMQ - Symfony UK Meetup
Scaling Symfony2 apps with RabbitMQ - Symfony UK MeetupKacper Gunia
 
Effective Doctrine2: Performance Tips for Symfony2 Developers
Effective Doctrine2: Performance Tips for Symfony2 DevelopersEffective Doctrine2: Performance Tips for Symfony2 Developers
Effective Doctrine2: Performance Tips for Symfony2 DevelopersMarcin Chwedziak
 
Love and Loss: A Symfony Security Play
Love and Loss: A Symfony Security PlayLove and Loss: A Symfony Security Play
Love and Loss: A Symfony Security PlayKris Wallsmith
 
Single-Page-Application & REST security
Single-Page-Application & REST securitySingle-Page-Application & REST security
Single-Page-Application & REST securityIgor Bossenko
 

Viewers also liked (9)

Symfony2 Authentication
Symfony2 AuthenticationSymfony2 Authentication
Symfony2 Authentication
 
Building a Website to Scale to 100 Million Page Views Per Day and Beyond
Building a Website to Scale to 100 Million Page Views Per Day and Beyond Building a Website to Scale to 100 Million Page Views Per Day and Beyond
Building a Website to Scale to 100 Million Page Views Per Day and Beyond
 
Cryptovirology - by Malathi
Cryptovirology - by MalathiCryptovirology - by Malathi
Cryptovirology - by Malathi
 
Service approach for development REST API in Symfony2
Service approach for development REST API in Symfony2Service approach for development REST API in Symfony2
Service approach for development REST API in Symfony2
 
Scaling Symfony2 apps with RabbitMQ - Symfony UK Meetup
Scaling Symfony2 apps with RabbitMQ - Symfony UK MeetupScaling Symfony2 apps with RabbitMQ - Symfony UK Meetup
Scaling Symfony2 apps with RabbitMQ - Symfony UK Meetup
 
Effective Doctrine2: Performance Tips for Symfony2 Developers
Effective Doctrine2: Performance Tips for Symfony2 DevelopersEffective Doctrine2: Performance Tips for Symfony2 Developers
Effective Doctrine2: Performance Tips for Symfony2 Developers
 
Introducing symfony2
Introducing symfony2Introducing symfony2
Introducing symfony2
 
Love and Loss: A Symfony Security Play
Love and Loss: A Symfony Security PlayLove and Loss: A Symfony Security Play
Love and Loss: A Symfony Security Play
 
Single-Page-Application & REST security
Single-Page-Application & REST securitySingle-Page-Application & REST security
Single-Page-Application & REST security
 

Similar to $kernel->infect(): Creating a cryptovirus for Symfony2 apps

Php through the eyes of a hoster confoo
Php through the eyes of a hoster confooPhp through the eyes of a hoster confoo
Php through the eyes of a hoster confooCombell NV
 
PHP from soup to nuts Course Deck
PHP from soup to nuts Course DeckPHP from soup to nuts Course Deck
PHP from soup to nuts Course DeckrICh morrow
 
Security in PHP - 那些在滲透測試的小技巧
Security in PHP - 那些在滲透測試的小技巧Security in PHP - 那些在滲透測試的小技巧
Security in PHP - 那些在滲透測試的小技巧Orange Tsai
 
Orange@php conf
Orange@php confOrange@php conf
Orange@php confHash Lin
 
Living With Legacy Code
Living With Legacy CodeLiving With Legacy Code
Living With Legacy CodeRowan Merewood
 
Web application security
Web application securityWeb application security
Web application securityRavi Raj
 
Php mysql classes in navi-mumbai,php-mysql course provider-in-navi-mumbai,bes...
Php mysql classes in navi-mumbai,php-mysql course provider-in-navi-mumbai,bes...Php mysql classes in navi-mumbai,php-mysql course provider-in-navi-mumbai,bes...
Php mysql classes in navi-mumbai,php-mysql course provider-in-navi-mumbai,bes...anshkhurana01
 
InSpec Workshop at Velocity London 2018
InSpec Workshop at Velocity London 2018InSpec Workshop at Velocity London 2018
InSpec Workshop at Velocity London 2018Mandi Walls
 
Ran Mizrahi - Symfony2 meets Drupal8
Ran Mizrahi - Symfony2 meets Drupal8Ran Mizrahi - Symfony2 meets Drupal8
Ran Mizrahi - Symfony2 meets Drupal8Ran Mizrahi
 
Eight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programsEight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programsAleksandr Yampolskiy
 
BuildStuff.LT 2018 InSpec Workshop
BuildStuff.LT 2018 InSpec WorkshopBuildStuff.LT 2018 InSpec Workshop
BuildStuff.LT 2018 InSpec WorkshopMandi Walls
 
Php through the eyes of a hoster phpbnl11
Php through the eyes of a hoster phpbnl11Php through the eyes of a hoster phpbnl11
Php through the eyes of a hoster phpbnl11Combell NV
 
php fundamental
php fundamentalphp fundamental
php fundamentalzalatarunk
 
Php introduction with history of php
Php introduction with history of phpPhp introduction with history of php
Php introduction with history of phppooja bhandari
 
Web-servers & Application Hacking
Web-servers & Application HackingWeb-servers & Application Hacking
Web-servers & Application HackingRaghav Bisht
 

Similar to $kernel->infect(): Creating a cryptovirus for Symfony2 apps (20)

Php through the eyes of a hoster confoo
Php through the eyes of a hoster confooPhp through the eyes of a hoster confoo
Php through the eyes of a hoster confoo
 
PHP from soup to nuts Course Deck
PHP from soup to nuts Course DeckPHP from soup to nuts Course Deck
PHP from soup to nuts Course Deck
 
Security in PHP - 那些在滲透測試的小技巧
Security in PHP - 那些在滲透測試的小技巧Security in PHP - 那些在滲透測試的小技巧
Security in PHP - 那些在滲透測試的小技巧
 
Orange@php conf
Orange@php confOrange@php conf
Orange@php conf
 
Living With Legacy Code
Living With Legacy CodeLiving With Legacy Code
Living With Legacy Code
 
Web application security
Web application securityWeb application security
Web application security
 
Php mysql classes in navi-mumbai,php-mysql course provider-in-navi-mumbai,bes...
Php mysql classes in navi-mumbai,php-mysql course provider-in-navi-mumbai,bes...Php mysql classes in navi-mumbai,php-mysql course provider-in-navi-mumbai,bes...
Php mysql classes in navi-mumbai,php-mysql course provider-in-navi-mumbai,bes...
 
Day1
Day1Day1
Day1
 
Php Tutorial
Php TutorialPhp Tutorial
Php Tutorial
 
InSpec Workshop at Velocity London 2018
InSpec Workshop at Velocity London 2018InSpec Workshop at Velocity London 2018
InSpec Workshop at Velocity London 2018
 
Composer
ComposerComposer
Composer
 
Ran Mizrahi - Symfony2 meets Drupal8
Ran Mizrahi - Symfony2 meets Drupal8Ran Mizrahi - Symfony2 meets Drupal8
Ran Mizrahi - Symfony2 meets Drupal8
 
Eight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programsEight simple rules to writing secure PHP programs
Eight simple rules to writing secure PHP programs
 
BuildStuff.LT 2018 InSpec Workshop
BuildStuff.LT 2018 InSpec WorkshopBuildStuff.LT 2018 InSpec Workshop
BuildStuff.LT 2018 InSpec Workshop
 
Php through the eyes of a hoster phpbnl11
Php through the eyes of a hoster phpbnl11Php through the eyes of a hoster phpbnl11
Php through the eyes of a hoster phpbnl11
 
php fundamental
php fundamentalphp fundamental
php fundamental
 
php
phpphp
php
 
Php introduction with history of php
Php introduction with history of phpPhp introduction with history of php
Php introduction with history of php
 
Web-servers & Application Hacking
Web-servers & Application HackingWeb-servers & Application Hacking
Web-servers & Application Hacking
 
Basics PHP
Basics PHPBasics PHP
Basics PHP
 

More from Raul Fraile

Aplicaciones CLI profesionales con Symfony
Aplicaciones CLI profesionales con SymfonyAplicaciones CLI profesionales con Symfony
Aplicaciones CLI profesionales con SymfonyRaul Fraile
 
Steganography: Hiding your secrets with PHP
Steganography: Hiding your secrets with PHPSteganography: Hiding your secrets with PHP
Steganography: Hiding your secrets with PHPRaul Fraile
 
How GZIP compression works - JS Conf EU 2014
How GZIP compression works - JS Conf EU 2014How GZIP compression works - JS Conf EU 2014
How GZIP compression works - JS Conf EU 2014Raul Fraile
 
How GZIP works... in 10 minutes
How GZIP works... in 10 minutesHow GZIP works... in 10 minutes
How GZIP works... in 10 minutesRaul Fraile
 
Symfony en Drupal 8 - DrupalCamp Spain
Symfony en Drupal 8 - DrupalCamp Spain Symfony en Drupal 8 - DrupalCamp Spain
Symfony en Drupal 8 - DrupalCamp Spain Raul Fraile
 
Materiales del curso de Symfony2
Materiales del curso de Symfony2Materiales del curso de Symfony2
Materiales del curso de Symfony2Raul Fraile
 
Sistemas de ficheros para dispositivos embebidos
Sistemas de ficheros para dispositivos embebidosSistemas de ficheros para dispositivos embebidos
Sistemas de ficheros para dispositivos embebidosRaul Fraile
 
Refactoring PHP/Symfony2 apps
Refactoring PHP/Symfony2 appsRefactoring PHP/Symfony2 apps
Refactoring PHP/Symfony2 appsRaul Fraile
 
Refactorización de aplicaciones PHP/Symfony2
Refactorización de aplicaciones PHP/Symfony2Refactorización de aplicaciones PHP/Symfony2
Refactorización de aplicaciones PHP/Symfony2Raul Fraile
 
MidwestPHP Symfony2 Internals
MidwestPHP Symfony2 InternalsMidwestPHP Symfony2 Internals
MidwestPHP Symfony2 InternalsRaul Fraile
 
Symfony internals [english]
Symfony internals [english]Symfony internals [english]
Symfony internals [english]Raul Fraile
 
DeSymfony 2012: Symfony internals
DeSymfony 2012: Symfony internalsDeSymfony 2012: Symfony internals
DeSymfony 2012: Symfony internalsRaul Fraile
 
Symfony2: Interacción con CSS, JS y HTML5
Symfony2: Interacción con CSS, JS y HTML5Symfony2: Interacción con CSS, JS y HTML5
Symfony2: Interacción con CSS, JS y HTML5Raul Fraile
 
Symfony2: Optimización y rendimiento
Symfony2: Optimización y rendimientoSymfony2: Optimización y rendimiento
Symfony2: Optimización y rendimientoRaul Fraile
 
Symfony2: Framework para PHP5
Symfony2: Framework para PHP5Symfony2: Framework para PHP5
Symfony2: Framework para PHP5Raul Fraile
 
Symfony2: Framework para PHP5
Symfony2: Framework para PHP5Symfony2: Framework para PHP5
Symfony2: Framework para PHP5Raul Fraile
 
Presentacion Symfony2
Presentacion Symfony2Presentacion Symfony2
Presentacion Symfony2Raul Fraile
 

More from Raul Fraile (17)

Aplicaciones CLI profesionales con Symfony
Aplicaciones CLI profesionales con SymfonyAplicaciones CLI profesionales con Symfony
Aplicaciones CLI profesionales con Symfony
 
Steganography: Hiding your secrets with PHP
Steganography: Hiding your secrets with PHPSteganography: Hiding your secrets with PHP
Steganography: Hiding your secrets with PHP
 
How GZIP compression works - JS Conf EU 2014
How GZIP compression works - JS Conf EU 2014How GZIP compression works - JS Conf EU 2014
How GZIP compression works - JS Conf EU 2014
 
How GZIP works... in 10 minutes
How GZIP works... in 10 minutesHow GZIP works... in 10 minutes
How GZIP works... in 10 minutes
 
Symfony en Drupal 8 - DrupalCamp Spain
Symfony en Drupal 8 - DrupalCamp Spain Symfony en Drupal 8 - DrupalCamp Spain
Symfony en Drupal 8 - DrupalCamp Spain
 
Materiales del curso de Symfony2
Materiales del curso de Symfony2Materiales del curso de Symfony2
Materiales del curso de Symfony2
 
Sistemas de ficheros para dispositivos embebidos
Sistemas de ficheros para dispositivos embebidosSistemas de ficheros para dispositivos embebidos
Sistemas de ficheros para dispositivos embebidos
 
Refactoring PHP/Symfony2 apps
Refactoring PHP/Symfony2 appsRefactoring PHP/Symfony2 apps
Refactoring PHP/Symfony2 apps
 
Refactorización de aplicaciones PHP/Symfony2
Refactorización de aplicaciones PHP/Symfony2Refactorización de aplicaciones PHP/Symfony2
Refactorización de aplicaciones PHP/Symfony2
 
MidwestPHP Symfony2 Internals
MidwestPHP Symfony2 InternalsMidwestPHP Symfony2 Internals
MidwestPHP Symfony2 Internals
 
Symfony internals [english]
Symfony internals [english]Symfony internals [english]
Symfony internals [english]
 
DeSymfony 2012: Symfony internals
DeSymfony 2012: Symfony internalsDeSymfony 2012: Symfony internals
DeSymfony 2012: Symfony internals
 
Symfony2: Interacción con CSS, JS y HTML5
Symfony2: Interacción con CSS, JS y HTML5Symfony2: Interacción con CSS, JS y HTML5
Symfony2: Interacción con CSS, JS y HTML5
 
Symfony2: Optimización y rendimiento
Symfony2: Optimización y rendimientoSymfony2: Optimización y rendimiento
Symfony2: Optimización y rendimiento
 
Symfony2: Framework para PHP5
Symfony2: Framework para PHP5Symfony2: Framework para PHP5
Symfony2: Framework para PHP5
 
Symfony2: Framework para PHP5
Symfony2: Framework para PHP5Symfony2: Framework para PHP5
Symfony2: Framework para PHP5
 
Presentacion Symfony2
Presentacion Symfony2Presentacion Symfony2
Presentacion Symfony2
 

Recently uploaded

JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuidePixlogix Infotech
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Zilliz
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseWSO2
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfdanishmna97
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)Samir Dash
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamUiPathCommunity
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard37
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformWSO2
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceWSO2
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityVictorSzoltysek
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAnitaRaj43
 
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...WSO2
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringWSO2
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 

Recently uploaded (20)

JavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate GuideJavaScript Usage Statistics 2024 - The Ultimate Guide
JavaScript Usage Statistics 2024 - The Ultimate Guide
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
Navigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern EnterpriseNavigating Identity and Access Management in the Modern Enterprise
Navigating Identity and Access Management in the Modern Enterprise
 
How to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cfHow to Check CNIC Information Online with Pakdata cf
How to Check CNIC Information Online with Pakdata cf
 
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
AI+A11Y 11MAY2024 HYDERBAD GAAD 2024 - HelloA11Y (11 May 2024)
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
JohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptxJohnPollard-hybrid-app-RailsConf2024.pptx
JohnPollard-hybrid-app-RailsConf2024.pptx
 
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data PlatformLess Is More: Utilizing Ballerina to Architect a Cloud Data Platform
Less Is More: Utilizing Ballerina to Architect a Cloud Data Platform
 
API Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governanceAPI Governance and Monetization - The evolution of API governance
API Governance and Monetization - The evolution of API governance
 
ChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps ProductivityChatGPT and Beyond - Elevating DevOps Productivity
ChatGPT and Beyond - Elevating DevOps Productivity
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
AI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by AnitarajAI in Action: Real World Use Cases by Anitaraj
AI in Action: Real World Use Cases by Anitaraj
 
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
Choreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software EngineeringChoreo: Empowering the Future of Enterprise Software Engineering
Choreo: Empowering the Future of Enterprise Software Engineering
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 

$kernel->infect(): Creating a cryptovirus for Symfony2 apps

  • 2. WHO AM I? • PHP/Symfony2 developer at • PHP 5.3 Zend Certified Engineer • Symfony Certified Developer • BS in Computer Science. Ms(Res) student in Computing Technologies. • Open source: Distill, LadybugPHP
  • 4. • Cryptovirology studies how to use cryptography to design malicious software. • Closely related to ransomware and private information retrieval. • A fundamental twist in cryptography. CRYPTOVIROLOGY
  • 6. • This is not a real virus, just a proof of concept. • I chose Symfony just because is my favourite framework. It can be applied to any other PHP framework. • We assume that the virus is already in the target computer. • NOT AN EXPERT
  • 7. #1 Get public key from the hacker server GET public_key Hacker serverApp server OUR CRYPTOVIRUS
  • 8. #2 Infect the Symfony 2.x app app[_dev].php bootstrap.php.cache Kernel events OUR CRYPTOVIRUS
  • 9. #3 Use the public key to encrypt data app[_dev].php bootstrap.php.cache Kernel events Database User uploads Logs … OUR CRYPTOVIRUS
  • 10. #4 Pay to get the private key to decrypt data GET private_key Hacker serverApp server OUR CRYPTOVIRUS
  • 11. #3 (b) Intercept user/passwords and save them encrypted app[_dev].php bootstrap.php.cache Kernel events raul Submit User *****Password OUR CRYPTOVIRUS
  • 12. #4 (b) Get user/password pairs using a backdoor GET users Hacker serverApp server OUR CRYPTOVIRUS
  • 14. • Public key (asymmetric) cryptography requires two different keys: public and private. • Based on one-way functions (trapdoors), which are easy to compute in one direction, but believed to be difficult to find its inverse. • Most used one-way functions: integer factorization, discrete logarithm and elliptic curves. PUBLIC KEY CRYPTOGRAPHY
  • 15. WANT SEND image.jpg Alice A A Bob B B B image.jpg 101101001011001 PUBLIC KEY CRYPTOGRAPHY
  • 16. p = 115307171677547 q = 190761112638809 n = p * q = 21996124364443030184426121523 Having p and q, calculate n Having n, calculate p and q Multiplication Factorization SlowFast not in Polinomial time n = 21996124364443030184426121523 = p * q = … = 115307171677547 * 190761112638809 PUBLIC KEY CRYPTOGRAPHY
  • 17. • Open Source toolkit for SSL/TLS, as well as a full-strength general purpose cryptography library. • PHP extension: php-openssl. OPENSSL
  • 18. $config = array( "digest_alg" => "sha512", "private_key_bits" => 4096, "private_key_type" => OPENSSL_KEYTYPE_RSA, ); // Create the private and public key $resource = openssl_pkey_new($config); // Extract the private key openssl_pkey_export($resource, $privKey); // Extract the public key $pubKey = openssl_pkey_get_details($res); $pubKey = $pubKey[“key"]; PHP + OPENSSL
  • 19. -----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5gclOxvP9AyrUkk01b+b aa3TQSclpol0B/2bU8e54DfJkCermqN8aHQFhscWtDQeQjZMBMa3LPjql/QW0cgw knXrG0Ns+pk8960v8y1TBUK/AeOTfYJJ00A4Od6g7fA5oMOeI8IMaCD1eSJC5Fzi bhVUygxMzc4ctqqvnJGDd7BPKo8Dg8pFHPnNF6hj7rb/JogWq9qiKZEXFRwMnJSg … -----END PUBLIC KEY----- -----BEGIN PRIVATE KEY----- MIIJQQIBADANBgkqhkiG9w0BAQEFAASCCSswggknAgEAAoICAQDmByU7G8/0DKtS STTVv5tprdNBJyWmiXQH/ZtTx7ngN8mQJ6uao3xodAWGxxa0NB5CNkwExrcs+OqX 9BbRyDCSdesbQ2z6mTz3rS/zLVMFQr8B45N9gknTQDg53qDt8Dmgw54jwgxoIPV5 IkLkXOJuFVTKDEzNzhy2qq+ckYN3sE8qjwODykUc+c0XqGPutv8miBar2qIpkRcV HAyclKCPdhrW9OZiWX7IbhM95BwNJ3JZtPhWNA42IBlwv1tPMbiKnRcLC0FEL0qK Iv7z1uPMaCYo+HioCcECUXj6b2nuDbdNIpXHQr98fC+vjxJWmd6zfcXG98h0eBrp nbXU9SvNdX1fzHmDRrAl+NselZK5SHgyYY5aUb4gyyxQ+dVCWTaZQ1MmYZxiu4g4 a20tJHHYqkFV7ogS8u+Kfq4h/SlJ2wHeEhE4An1hXlEJXIZpK/z0+quScgKiqx9t oBhkG44f4KIVfpqg9RKgrg9yFaavFjWJSIbXh+ciuLDDI/150as5pFKAtENuVXjS xmrbpbbxeamKHNSD6O+wFbOaOw/r4NEWd1/p0AZ+qBRNl4fgCMCxRWDui6txjKGK oiFVf6Brf3xg/69KoCTS3svJ4Kmm0TB8tloXKRW/qXhFkQJpn12wCwuazPE98nep xApa2zTc7xcLt4ISJYHNCRX+n3puFwIDAQABAoICAB/K6QhsZaeTgLJUz+qjGvXW … -----END PRIVATE KEY----- PHP + OPENSSL
  • 20. $data = “Creating a cryptovirus for Symfony2 apps”; // Encrypt the data openssl_public_encrypt($data, $encrypted, $pubKey); // Decrypt the encrypted data openssl_private_decrypt($encrypted, $decrypted, $privKey); PHP + OPENSSL
  • 23. • kernel.request is dispatched as soon as the request arrives. Listeners can return a Response and “end” the execution. • kernel.controller is dispatched once the controller has been resolved. Listeners can manipulate the Controller callable. KERNEL EVENTS
  • 24. • kernel.view is dispatched only if the Controller does not return a Response object. • kernel.response allows to modify or replace the Response object after its creation. KERNEL EVENTS
  • 25. • kernel.exception is dispatched if there is an uncaught exception. Last chance to convert an Exception object into a Response object. • kernel.terminate is dispatched once the response has been sent. Allows to run expensive post-response jobs. KERNEL EVENTS
  • 26. • The bootstrap.php.cache file is created to improve performance, reducing IO operations and autoload lookups. • Just a copy&paste of common classes and interfaces that will be used for sure. BOOTSTRAP FILE
  • 27. { "name": "symfony/framework-standard-edition", "scripts": { "post-install-cmd": [ ..., “SensioBundleDistributionBundleComposer ScriptHandler::buildBootstrap", ... ], "post-update-cmd": [ ..., “SensioBundleDistributionBundleComposer ScriptHandler::buildBootstrap", ... ] } } BOOTSTRAP FILE
  • 29. • Virus definitions. Antivirus software scans files to find matches. Useful for known malware (up-to-date antivirus). • Heuristics allow antivirus software to identify new or modified malware, even without virus definition files. Based on system calls, network packets, kernel events… ANTIVIRUS
  • 31. $originalCode = "phpinfo();"; // encode with base65 n times $encoded = $originalCode; $times = 5; for ($i=0; $i<$times;$i++) { $encoded = base64_encode($encoded); } // generate hidden code $code = sprintf('eval(%s"%s"%s);', str_repeat('base64_decode(', $times), $encoded, str_repeat(')', $times) ); $code = gzdeflate($code); var_dump($code); // K-K??HJ,N53... GZIP + BASE64
  • 33. • Polymorphic code is code that uses a polymorphic engine to mutate while keeping the original algorithm intact. • Makes it difficult for antivirus software to recognise the code as it constantly changes. • Emulation (sandbox) may be used. POLYMORPHIC CODE
  • 34. echo 'Hello world!'; echo 'Hello' . ' ' . 'world!'; printf('Hello world!'); file_put_contents('php://stdout', 'Hello world!'); printf('%c%c%c%c%c%c%c%c%c%c%c%c', 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x77, 0x6f, 0x72, 0x6c, 0x64, 0x21 ); POLYMORPHIC CODE
  • 35. All of them print “Hello world!”, but using different code which generate different AST/opcodes. POLYMORPHIC CODE
  • 36. Op Operands 1 ECHO Hello+world%21' 2 CONCAT Hello', '+' CONCAT ~0, 'world%21' ECHO ~1 3 SEND_VAL Hello+world%21' DO_FCALL printf' 4 SEND_VAL php%3A%2F%2Fstdout' SEND_VAL Hello+world%21' DO_FCALL file_put_contents' 5 SEND_VAL %25c%25c%25c…%25c%25c’ SEND_VAL 72 SEND_VAL …101, 108, 108, 111, 32, 119, 111, 114, 108, 100, 33 DO_FCALL printf' POLYMORPHIC CODE
  • 37. • The goal would be to create a polymorphic engine that generates different code in each infection randomly. • Really difficult to get random numbers in computers, as they can be predictable. POLYMORPHIC CODE
  • 39. • Computational methods are not considered true random number generators. In practice, they are sufficient for most tasks. • Physical methods use physical phenomenon expected to be random. For example, atmospheric noise (random.org), radioactive decay, radio noise or even a coin flipping. RANDOM NUMBERS
  • 42. • Before the infection: security measures, restrictive permissions, disable php- openssl if we don’t need it, allow_url_fopen, read-only code… • Once the app has been infected, we want to know it as soon as possible, checking its integrity. PROTECTING US
  • 43. Hash functions create a fixed-length digest from data of arbitrary length. Easy to compute. Infeasible to generate a message that has a given hash. Infeasible to modify a message without changing the hash. Infeasible to find two different messages with the same hash. HASH FUNCTIONS
  • 44. Tiny changes in source generate (with high probability) big changes in the digest. HASH FUNCTIONS
  • 45. • md5() is not collision resistant. It is possible to create two files that share the same checksum. • We can include the checksum of the whole project in the build process and check it regularly. HASH FUNCTIONS
  • 46. use SymfonyComponentFinderFinder; $finder = new Finder(); $finder->in(__DIR__ . ‘/project') ->files() ->name('*.php'); $hashes = ''; foreach ($finder as $file) { $hashes .= sha1($file->getContents()); } // hash of the whole project $hash = sha1($hashes); HASH FUNCTIONS
  • 48. • The PHAR extension provides a way to put entire PHP applications into a single file. • Equivalent to Java JAR files. • PHAR files can contain a signature (checksum) of the included files. PHAR SIGNATURES
  • 49. Stub Manifest File contents Signature Actual contents of the files Describes the contents of the files: filename, size, timestamp, CRC32… Phar Signature in MD5, SHA1, SHA256 or SHA512 __HALT_COMPILER(); Usually contains loader functionality PHAR SIGNATURES
  • 50. 23 21 2f 75 73 72 2f 62 69 6e 2f 65 6e 76 20 70 |#!/usr/bin/env p| 68 70 0a 3c 3f 70 68 70 0a 0a 50 68 61 72 3a 3a |hp.<?php..Phar::| 6d 61 70 50 68 61 72 28 27 74 65 73 74 2e 70 68 |mapPhar('test.ph| 61 72 27 29 3b 0a 65 63 68 6f 20 27 68 65 6c 6c |ar');.echo 'hell| 6f 20 77 6f 72 6c 64 21 27 3b 0a 0a 5f 5f 48 41 |o world!';..__HA| 4c 54 5f 43 4f 4d 50 49 4c 45 52 28 29 3b 20 3f |LT_COMPILER(); ?| 3e 0d 0a 33 00 00 00 01 00 00 00 11 00 00 00 01 |>..3............| 00 00 00 00 00 00 00 00 00 05 00 00 00 31 2e 74 |.............1.t| 78 74 10 00 00 00 d2 1e 50 53 10 00 00 00 26 fb |xt......PS....&.| a7 61 b6 01 00 00 00 00 00 00 53 6f 6d 65 20 72 |.a........Some r| 61 6e 64 6f 6d 20 74 65 78 74 23 b5 11 ce 2c 41 |andom text#...,A| e0 d4 3a db 21 ee cc ec c2 8c f6 3f 93 e2 02 00 |..:.!……?....| 00 00 47 42 4d 42 |..GBMB| Stub Manifest File contents Signature Signature flags Magic GBMB PHAR SIGNATURES
  • 51. 23 21 2f 75 73 72 2f 62 69 6e 2f 65 6e 76 20 70 |#!/usr/bin/env p| 68 70 0a 3c 3f 70 68 70 0a 0a 50 68 61 72 3a 3a |hp.<?php..Phar::| 6d 61 70 50 68 61 72 28 27 74 65 73 74 2e 70 68 |mapPhar('test.ph| 61 72 27 29 3b 0a 65 63 68 6f 20 27 68 65 6c 6c |ar');.echo 'hell| 6f 20 74 68 65 72 65 21 27 3b 0a 0a 5f 5f 48 41 |o there!';..__HA| 4c 54 5f 43 4f 4d 50 49 4c 45 52 28 29 3b 20 3f |LT_COMPILER(); ?| 3e 0d 0a 33 00 00 00 01 00 00 00 11 00 00 00 01 |>..3............| 00 00 00 00 00 00 00 00 00 05 00 00 00 31 2e 74 |.............1.t| 78 74 10 00 00 00 d2 1e 50 53 10 00 00 00 26 fb |xt......PS....&.| a7 61 b6 01 00 00 00 00 00 00 53 6f 6d 65 20 72 |.a........Some r| 61 6e 64 6f 6d 20 74 65 78 74 23 b5 11 ce 2c 41 |andom text#...,A| e0 d4 3a db 21 ee cc ec c2 8c f6 3f 93 e2 02 00 |..:.!……?....| 00 00 47 42 4d 42 |..GBMB| PharException: phar "test.phar" has a broken signature in /home/raul/test.phar on line 4 PHAR SIGNATURES
  • 52. 23 21 2f 75 73 72 2f 62 69 6e 2f 65 6e 76 20 70 |#!/usr/bin/env p| 68 70 0a 3c 3f 70 68 70 0a 0a 50 68 61 72 3a 3a |hp.<?php..Phar::| 6d 61 70 50 68 61 72 28 27 74 65 73 74 2e 70 68 |mapPhar('test.ph| 61 72 27 29 3b 0a 65 63 68 6f 20 27 68 65 6c 6c |ar');.echo 'hell| 6f 20 74 68 65 72 65 21 27 3b 0a 0a 5f 5f 48 41 |o there!';..__HA| 4c 54 5f 43 4f 4d 50 49 4c 45 52 28 29 3b 20 3f |LT_COMPILER(); ?| 3e 0d 0a 33 00 00 00 01 00 00 00 11 00 00 00 00 |>..3............| 00 00 00 00 00 00 00 00 00 05 00 00 00 31 2e 74 |.............1.t| 78 74 10 00 00 00 d2 1e 50 53 10 00 00 00 26 fb |xt......PS....&.| a7 61 b6 01 00 00 00 00 00 00 53 6f 6d 65 20 72 |.a........Some r| 61 6e 64 6f 6d 20 74 65 78 74 23 b5 11 ce 2c 41 |andom text#...,A| e0 d4 3a db 21 ee cc ec c2 8c f6 3f 93 e2 02 00 |..:.!……?....| 00 00 47 42 4d 42 |..GBMB| PharException: phar "test.phar" does not have a signature in /home/raul/test.phar on line 4 phar.require_hash = On PHAR SIGNATURES
  • 53. DEMO