Learn about advanced web application security techniques in this 42-minute conference talk from BSides Las Vegas 2012. Explore the lifecycle of exploits, specific attacks against software, and PHP-CGI remote code execution. Dive into attack response strategies, incident handling, and auditing practices, including file system monitoring and cleanup techniques. Examine attacker motivations, backdoor evolution, and methods for detecting and analyzing malicious code. Gain insights into .htaccess infections, IP address tracking, and advanced backdoor techniques such as variable function calls. Enhance your web security knowledge with practical examples and recommendations for further reading.
Overview
Syllabus
Intro
Break Down
Collecting data
Trend data sets
Attacks!
Specific attacks against software
Life-cycle of an exploit
Theory about this trend...
PHP-CGI remote code execution
Attack Response
Attack sources
A little about incident response
Response breakdown
Standard approach
Auditing nitty gritty
File System Monitoring
Using find to cleanup
Attacker Motivation
Example.htaccess infection
Registrars
IP address
Backdoor evolution
Collection
Getting backdoors from attack logs
Dead Simple
Base64 decode
Regex revenge
Variables as functions
Backdoor Conclusions
Further Reading
