Exploiting PHP7 unserialize (33c3)
https://media.ccc.de/v/33c3-7858-expl... teaching a new dog old tricks PHP-7 is a new version of the most prevalent server-side language in use today. Like previous version, this version is also vulnerable to memory corruptions. However, the language has gone through extensive changes and none of previous exploitation techniques are relevant. In this talk, we explore the new memory internals of the language from exploiters and vulnerability researchers point of view. We will explain newly found vulnerabilities in the 'unserialize' mechanism of the language and present re-usable primitives for remote exploitation of these vulnerabilities. ['Yannay Livneh']
▶︎
Software Defined Emissions (33c3)
▶︎
Matthias Kaiser - Exploiting Deserialization Vulnerabilities in Java
▶︎
Gone in 60 Milliseconds (33c3)
▶︎
Agentic ProbLLMs - Exploiting AI Computer-Use and Coding Agents with Johann Rehberger
▶︎
Turing Award Winner: Disagreeing with Google, Postgres, Future Problems | Mike Stonebraker
▶︎
Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup
▶︎
Console Hacking 2016 (33c3)
▶︎
Tips for C Programming
![Deserialization: what, how and why [not] - Alexei Kojenov - AppSecUSA 2018](https://i.ytimg.com/vi/t-zVC-CxYjw/hqdefault.jpg?sqp=-oaymwEjCNACELwBSFryq4qpAxUIARUAAAAAGAElAADIQj0AgKJDeAE=&rs=AOn4CLDgG-O6ixgfoE560ljTctP2R4urtQ)
▶︎
Deserialization: what, how and why [not] - Alexei Kojenov - AppSecUSA 2018
▶︎
How to Hide in Plain Sight: Next-Level Digital Privacy | Ivan Banov at BSidesCache 2025
▶︎
Pegasus internals (33c3)
▶︎
Practical Web Cache Poisoning: Redefining 'Unexploitable'
▶︎
Programming in Assembly without an Operating System
▶︎
Attacking .NET deserialization - Alvaro Muñoz
▶︎
Drake’s Biggest Diss on ICEMAN Isn’t a Song… It’s the Stream
▶︎
Dissecting HDMI (33c3)
▶︎
Something is jamming GPS over Europe. Here's what we found
▶︎
I Hacked This Temu Router. What I Found Should Be Illegal.
▶︎
Server-Side Template Injection: RCE For The Modern Web App
▶︎