We’ve all encountered the issue: a blank screen or, worse, a 500 error on the server. How do you cope with this kind of issue, and what do you do to find the culprit and resolve the error?
The document discusses debugging WordPress websites. It provides tips on examining server logs to find errors, enabling WP_DEBUG in wp-config.php to output debugging information, and using the wp-cli command line interface to manage plugins, themes and check for errors. Common errors like "headers already sent" are presented along with solutions. The presenter's contact details and promise to share the slides on social media are listed at the end.
WordCamp Antwerp - 3/3/2018 - Debugging WordPress by Brecht Ryckaert
1. Debugging WordPress
Brecht Ryckaert
2. Brecht Ryckaert
• Works at combell.com
• WP user since 1.5
• Passionate about WordPress Security & Performance
@brechtryckaert
brechtryckaert.com
3. When launching your new website
4. Or when updating your plugins or themes
5. … or even migrating your website …
8. Who's experienced this before?
9. Doesn't it make you feel like …
13. 400-codes: you stuffed up (client errors)
500-codes: your server stuffed up (server errors)
14. 400 Bad Request
401 Unauthorized (RFC 7235)
402 Payment Required
403 Forbidden
404 Not Found
405 Method Not Allowed
…
16. 500 Internal Server Error
501 Not Implemented
502 Bad Gateway
503 Service Unavailable
504 Gateway Timeout
…
17. Don't ask me. I'm clueless ;-)
28. WP_DEBUG
In wp-config.php (the default):
define( 'WP_DEBUG', false );
Enable debugging:
define( 'WP_DEBUG', true );
29. WP_DEBUG
Extra statements (both only take effect while WP_DEBUG is true):
define('WP_DEBUG_LOG', true);
Creates the logfile in:
/wp-content/debug.log
Caveat: that file sits inside the document root, so it is readable over HTTP unless the web server blocks it, and it contains full filesystem paths and SQL fragments. Since WordPress 5.1 the constant also accepts an absolute path to a file outside the document root, which is the safer choice on a public site.
30. WP_DEBUG
Prevent public display of errors:
define('WP_DEBUG_DISPLAY', false);
31. WP_DEBUG
Ideal setup:
define('WP_DEBUG', true);
define('WP_DEBUG_LOG', true);
define('WP_DEBUG_DISPLAY', false);
Errors now go to the log instead of the visitor's browser. That matters for security as well as for looks: a displayed warning leaks absolute paths and the structure of your code to anyone who loads the page. Set WP_DEBUG back to false when you are done.
32. Adding WP-CLI to your toolkit
33. WP-CLI
wp plugin list
wp plugin deactivate <slug> (or --all)
wp plugin activate <slug>
wp theme list
wp theme activate <slug> (there is no theme deactivate: a site always has one active theme, so switch to a default theme to rule the current one out)
wp checksum core
wp checksum plugin (from WP-CLI 1.5)
The checksum commands compare the files on disk with the official release; any modified or unexpected file in core or in a plugin directory is your first suspect when the errors point at injected code.
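The deactivate/activate commands above are normally used to find the plugin that breaks a site: turn everything off, then turn plugins back on until the site breaks again. The script below, an added example that is not part of the slides, automates that with WP-CLI and generalizes the one-by-one search to a bisection over the plugin list, so a site with 40 plugins needs about six probes instead of 40. It assumes that `wp` is on PATH and runs from the WordPress root, that the front page answers 2xx when the site is healthy, and that a single plugin is responsible (the site works with no plugins active and breaks once all are active); the plugin slugs and the URL are illustrative.

```python
"""Find the plugin that breaks a WordPress site by bisecting with WP-CLI.

Added example, not code from the slides. Assumes `wp` is on PATH and is
run from the WordPress root, that the front page returns 2xx when the site
is healthy, and that exactly one plugin is at fault.
"""
import subprocess
import urllib.request
from typing import Callable, List, Optional, Sequence

Runner = Callable[[Sequence[str]], str]


def wp_cli(args: Sequence[str]) -> str:
    """Run one WP-CLI command and return its stdout; raises on a non-zero exit."""
    proc = subprocess.run(["wp", *args], check=True, capture_output=True, text=True)
    return proc.stdout


def active_plugins(run: Runner = wp_cli) -> List[str]:
    """Slugs of the active plugins, as printed by `wp plugin list`."""
    out = run(["plugin", "list", "--status=active", "--field=name"])
    return [line.strip() for line in out.splitlines() if line.strip()]


def http_ok(url: str, timeout: float = 15.0) -> bool:
    """True when the URL answers 2xx; 4xx/5xx, timeouts and refused connections count as broken."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return 200 <= resp.status < 300
    except Exception:  # HTTPError, URLError, socket timeout
        return False


def find_broken_plugin(plugins: Sequence[str], run: Runner,
                       site_ok: Callable[[], bool]) -> Optional[str]:
    """Return the slug of the first plugin (in list order) whose activation breaks the site.

    Returns None when the site is already broken with every plugin off (then
    look at the theme, core or the server) or still healthy with all of them on.
    Every probe starts from a clean slate: deactivate all, then activate a prefix.
    """
    def activate_only(subset: Sequence[str]) -> None:
        run(["plugin", "deactivate", "--all"])
        if subset:
            run(["plugin", "activate", *subset])

    activate_only([])
    if not site_ok():
        return None
    activate_only(plugins)
    if site_ok():
        return None

    lo, hi = 0, len(plugins)  # invariant: plugins[:lo] works, plugins[:hi] is broken
    while hi - lo > 1:
        mid = (lo + hi) // 2
        activate_only(plugins[:mid])
        if site_ok():
            lo = mid
        else:
            hi = mid
    culprit = plugins[hi - 1]
    # Leave the site running with everything except the culprit active.
    activate_only([p for p in plugins if p != culprit])
    return culprit


if __name__ == "__main__":
    import sys
    home = sys.argv[1] if len(sys.argv) > 1 else "http://localhost/"  # illustrative URL
    slugs = active_plugins()
    print("active plugins:", ", ".join(slugs))
    print("culprit:", find_broken_plugin(slugs, wp_cli, lambda: http_ok(home)))
```

Run it against a staging copy rather than production: every probe deactivates all plugins for a moment. If two plugins only break the site together, the bisection reports one of them; re-run with that one removed to find the other.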
34. wp theme list result
Parse error: syntax error, unexpected '$z9973449' (T_VARIABLE) in /data/sites/web/somewebsite/www/wp-includes/post-template.php on line 1
Warning: array_splice() expects parameter 1 to be array, string given in /data/sites/web/somewebsite/www/wp-content/plugins/akismet/favicon_316779.ico(105) : eval()'d code(165) : eval()'d code(202) : eval()'d code on line 206
Warning: Invalid argument supplied for foreach() in /data/sites/web/somewebsite/www/wp-content/plugins/akismet/favicon_316779.ico(105) : eval()'d code(165) : eval()'d code(202) : eval()'d code on line 207
Read the locations, not just the messages: the parse error sits on line 1 of a core file (wp-includes/post-template.php), and the warnings come from code reached through three levels of eval() that was loaded from favicon_316779.ico inside the akismet plugin directory. A .ico file should not contain PHP at all, so this is a compromised install rather than a theme bug. Verify core and plugins with wp checksum core and wp checksum plugin, remove the injected files and lines, and then find out how they got there.
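Whether the errors come from the terminal, as on slide 34, or from the wp-content/debug.log that WP_DEBUG_LOG writes (slides 29 and 31), they have the same shape: level, message, the file and line where PHP was executing, and, for evaluated code, a chain of `eval()'d code` frames. The script below is an added example, not code from the slides: it parses such lines and separates plain bugs from the indicators a security reviewer wants to see first (code reached through eval(), PHP running out of a file that is not a PHP file, a parse error on line 1 of a core file). The paths in the sample are the ones shown on slide 34; the log lines themselves, timestamps included, are constructed.

```python
"""Triage WordPress debug.log / WP-CLI error output for signs of injected code.

Added example, not code from the slides. Handles the "[date] PHP Level:  msg
in file on line N" format of debug.log as well as the bare "Level: msg in
file on line N" format WP-CLI prints. SAMPLE_LOG is constructed; the paths
in it are the ones from slide 34.
"""
import re
from typing import Any, Dict, List

ERROR_RE = re.compile(
    r"^(?:\[[^\]]*\]\s*)?(?:PHP\s+)?"  # optional "[date] PHP " prefix
    r"(?P<level>Parse error|Fatal error|Warning|Notice|Deprecated):\s+"
    r"(?P<msg>.*?)\s+in\s+(?P<where>.+?)\s+on\s+line\s+(?P<line>\d+)\s*$"
)
OUTPUT_STARTED_RE = re.compile(r"output started at (?P<file>.+?):(?P<line>\d+)\)")
PHP_EXTS = (".php", ".phtml", ".inc")
CORE_DIRS = ("/wp-includes/", "/wp-admin/")

ROOT = "/data/sites/web/somewebsite/www"
SAMPLE_LOG = [  # constructed lines; file paths taken from slide 34
    "[31-Aug-2018 08:12:03 UTC] PHP Parse error:  syntax error, unexpected '$z9973449' "
    "(T_VARIABLE) in " + ROOT + "/wp-includes/post-template.php on line 1",
    "[31-Aug-2018 08:12:03 UTC] PHP Warning:  array_splice() expects parameter 1 to be array, "
    "string given in " + ROOT + "/wp-content/plugins/akismet/favicon_316779.ico(105) : "
    "eval()'d code(165) : eval()'d code(202) : eval()'d code on line 206",
    "[31-Aug-2018 08:12:04 UTC] PHP Warning:  Cannot modify header information - headers already "
    "sent by (output started at " + ROOT + "/wp-settings.php:84) in " + ROOT
    + "/wp-includes/option.php on line 920",
    "[31-Aug-2018 08:12:04 UTC] PHP Notice:  Undefined index: foo in " + ROOT
    + "/wp-content/themes/sometheme/functions.php on line 12",
]


def parse_error_line(line: str) -> Dict[str, Any]:
    """Split one PHP error line into level, message, originating file, line and eval depth."""
    m = ERROR_RE.match(line.strip())
    if not m:
        return {}
    # "file(105) : eval()'d code(165) : eval()'d code" -> the real file is the first frame
    frames = [f.strip() for f in m.group("where").split(" : ")]
    origin = re.sub(r"\(\d+\)$", "", frames[0])
    return {
        "level": m.group("level"),
        "message": m.group("msg"),
        "file": origin,
        "line": int(m.group("line")),
        "eval_depth": sum(1 for f in frames if "eval()'d code" in f),
    }


def triage(lines: List[str]) -> List[Dict[str, Any]]:
    """Annotate every parsable error with security indicators and plain debugging hints."""
    findings = []
    for raw in lines:
        err = parse_error_line(raw)
        if not err:
            continue
        path = err["file"]
        indicators: List[str] = []
        hints: List[str] = []
        if err["eval_depth"]:
            indicators.append("code reached through eval() (%d levels): typical of obfuscated injections"
                              % err["eval_depth"])
        if not path.lower().endswith(PHP_EXTS):
            indicators.append("PHP executing from a non-PHP file")
        if err["level"] == "Parse error" and err["line"] == 1 and any(d in path for d in CORE_DIRS):
            indicators.append("parse error on line 1 of a core file: compare against `wp checksum core`")
        started = OUTPUT_STARTED_RE.search(err["message"])
        if started:
            hints.append("output started at %s line %s: look for whitespace or a BOM before <?php"
                         % (started.group("file"), started.group("line")))
        findings.append({"file": path, "line": err["line"], "level": err["level"],
                         "indicators": indicators, "hints": hints})
    return findings


def suspicious_files(findings: List[Dict[str, Any]]) -> List[str]:
    """Distinct files carrying at least one security indicator, sorted."""
    return sorted({f["file"] for f in findings if f["indicators"]})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        tag = "SUSPICIOUS" if f["indicators"] else "bug"
        print("%s %s:%s %s" % (tag, f["file"], f["line"], "; ".join(f["indicators"] + f["hints"])))
```

Feed it the real log with `triage(open("wp-content/debug.log").read().splitlines())`. The indicators are heuristics: legitimate plugins occasionally use eval(), so treat a hit as a place to inspect and compare against the checksums, not as proof on its own.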
37. SCRIPT_DEBUG
Forces WordPress to use the "dev" versions of some core CSS and JavaScript files rather than the minified versions that are normally loaded. This is useful when you are testing modifications to any built-in .js or .css files.
define( 'SCRIPT_DEBUG', true );
39. SAVEQUERIES
Forces WordPress to store every query it runs, with its execution time and the function that called it, in the $wpdb->queries array. This costs memory and time on every request, so use it to find slow or runaway queries and remove it afterwards.
define( 'SAVEQUERIES', true );
40. SAVEQUERIES
Visualize by adding this to footer.php:
    <?php
    // Dump the collected queries, for logged-in administrators only,
    // so the SQL and callers are never shown to ordinary visitors.
    // Checking a capability such as 'manage_options' is the usual
    // WordPress idiom; a role name works as well.
    if ( current_user_can( 'administrator' ) ) {
        global $wpdb;
        echo '<pre>';
        print_r( $wpdb->queries ); // each entry: [ SQL, time in seconds, calling function ]
        echo '</pre>';
    }
    ?>
42. Core Control
• verify crons
• take manual control of upgrades
• do HTTP logging
• test HTTP transport methods (GET/POST requests)
https://wordpress.org/plugins/core-control/
43. WP Debug Bar
• verify queries
• verify cache
• verify requests
https://wordpress.org/plugins/debug-bar/
44. Typical errors and how to fix them
49. Warning: Cannot modify header information - headers already sent by (output started at /data/sites/web/somewebsite/www/wp-settings.php:84) in /data/sites/web/somewebsite/www/wp-includes/option.php on line 920
51. Headers already sent
Possible causes
• Whitespace before <?php or after ?>
• print, echo and other functions producing output
• Raw <html> sections prior to <?php code
The "output started at" part of the warning names the file and line that produced output first; that is where to look, not the file named after "in", which is merely where WordPress tried to send a header. PHP swallows exactly one newline after ?>, so a second blank line at the end of a file is already output; leaving the closing ?> off files that contain only PHP avoids the problem entirely. A UTF-8 byte order mark at the start of a file counts as output too, and is invisible in most editors.
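Hunting these causes by eye across a whole install is slow, so here is an added example, not code from the slides, that checks every PHP file in a tree for the mechanical causes: a UTF-8 BOM or whitespace before the opening <?php, raw text or HTML before it, and whitespace after a closing ?> at the end of a file (more than the single newline PHP swallows). Output produced by echo or print inside the code is not something a byte scan can decide, so the warning's "output started at" location stays the authority for that case.

```python
"""Find PHP files that emit output before WordPress can send headers.

Added example, not code from the slides. check_php_source() judges one
file's raw bytes; scan_tree() applies it to every .php file under a
WordPress root. The sample inputs in the test are constructed.
"""
import os
from typing import Dict, List, Sequence

BOM = b"\xef\xbb\xbf"
OPEN_TAG = b"<?php"
CLOSE_TAG = b"?>"


def check_php_source(data: bytes) -> List[str]:
    """Return the problems found in one file's contents (empty list = clean)."""
    problems: List[str] = []
    body = data
    if body.startswith(BOM):
        problems.append("UTF-8 BOM before <?php")
        body = body[len(BOM):]
    idx = body.find(OPEN_TAG)
    if idx == -1:
        return problems + ["no <?php open tag found"]
    lead = body[:idx]
    if lead and lead.isspace():
        problems.append("whitespace before <?php")
    elif lead:
        problems.append("raw text/HTML before <?php")
    end = body.rfind(CLOSE_TAG)
    if end != -1:
        tail = body[end + len(CLOSE_TAG):]
        # PHP eats exactly one "\n" or "\r\n" after ?>; anything beyond that is output.
        # A non-whitespace tail is template HTML (or a ?> inside a string) and is left alone.
        if tail and tail.isspace() and tail not in (b"\n", b"\r\n"):
            problems.append("whitespace after closing ?>")
    return problems


def scan_tree(root: str, exts: Sequence[str] = (".php",)) -> Dict[str, List[str]]:
    """Walk a WordPress tree and map each offending file to its list of problems."""
    report: Dict[str, List[str]] = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(tuple(exts)):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                problems = check_php_source(fh.read())
            if problems:
                report[path] = problems
    return report


if __name__ == "__main__":
    import sys
    for path, problems in sorted(scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        print(path + ": " + "; ".join(problems))
```

Run it as `python3 scan.py /path/to/wordpress` and start with wp-config.php and the active theme's functions.php, the two files people edit by hand most often.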
57. Thank you!
Slides will be tweeted on @brechtryckaert and published on https://brechtryckaert.com