{"guid":"import-37514cebcac18da418","title":"Vulnerability discovery in encrypted closed source PHP applications","subtitle":null,"slug":"25c3-2678-en-vulnerability_discovery_in_encrypted_closed_source_php_applications","link":"http://events.ccc.de/congress/2008/Fahrplan/events/2678.en.html","description":"Security audits of PHP applications are usually performed on a source code basis. However sometimes vendors protect their source code by encrypting their applications with runtime (bytecode-)encryptors. When these tools are used source code analysis is no longer possible and because these tools change how PHP works internally, several greybox security scanning/fuzzing techniques relying on hooks fail, too.\n","original_language":"eng","persons":["Stefan Esser"],"tags":["25c3"," Hacking"],"view_count":45,"promoted":false,"date":"2008-12-28T01:00:00.000+01:00","release_date":"2008-12-30T01:00:00.000+01:00","updated_at":"2026-04-02T19:15:07.431+02:00","length":3607,"duration":3607,"thumb_url":"https://static.media.ccc.de/media/congress/2008/25c3-2678-en-vulnerability_discovery_in_encrypted_closed_source_php_applications.jpg","poster_url":"https://static.media.ccc.de/media/congress/2008/25c3-2678-en-vulnerability_discovery_in_encrypted_closed_source_php_applications_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2008/import-37514cebcac18da418-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2008/import-37514cebcac18da418-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/25c3-2678-en-vulnerability_discovery_in_encrypted_closed_source_php_applications","url":"https://api.media.ccc.de/public/events/import-37514cebcac18da418","conference_title":"25C3: nothing to hide","conference_url":"https://api.media.ccc.de/public/conferences/25c3","related":[{"event_id":1048,"event_guid":"import-63b6e70b859a1b152d","weight":1},{"event_id":1360,"event_guid":"import-f9ac90b62273f05d2e","weight":1},{"event_id":1600,"event_guid":"import-bd4b532fec427e30cb","weight":1},{"event_id":1608,"event_guid":"import-9013654b84fc374d59","weight":1},{"event_id":1667,"event_guid":"import-a5a5dd91ef7a9120d5","weight":1},{"event_id":2086,"event_guid":"1q4jAFZgpy0xvFH-XpS70g","weight":1},{"event_id":2371,"event_guid":"318a2c32-3c4e-44b3-8037-778f022dad03","weight":1},{"event_id":2411,"event_guid":"11c76880-897c-4506-bda6-f33745200c92","weight":1},{"event_id":2597,"event_guid":"fabeda96-ad93-41b1-b12d-768445cc60bd","weight":1},{"event_id":3166,"event_guid":"LpuYnAfj4Zh7imchKOxLDg","weight":1},{"event_id":3167,"event_guid":"Wo3YoeBJuzJgaBduSunAZg","weight":1},{"event_id":3386,"event_guid":"02c20a13-fdf5-4fc3-a86a-dbb08a23ea20","weight":1},{"event_id":3617,"event_guid":"cb67ad7f-7e12-4f34-aec0-748a61f3f958","weight":1},{"event_id":3681,"event_guid":"149f13d4-cc8c-49a9-9e68-544754646022","weight":1},{"event_id":3803,"event_guid":"3a85b5ca-222d-11e7-b6e0-a743b98e1890","weight":1},{"event_id":3930,"event_guid":"SGalEkMfbjvUHtG8OucYjg","weight":1},{"event_id":4257,"event_guid":"9f3c556d-5cb0-4b17-a099-3c4626a7e83b","weight":1}],"recordings":[{"size":461,"length":3607,"mime_type":"audio/ogg","language":"eng","filename":"25c3-2678-en-vulnerability_discovery_in_encrypted_closed_source_php_applications.ogg","state":"downloaded","folder":"audio_only","high_quality":true,"width":720,"height":576,"updated_at":"2014-05-10T15:26:44.693+02:00","recording_url":"https://cdn.media.ccc.de/congress/2008/audio_only/25c3-2678-en-vulnerability_discovery_in_encrypted_closed_source_php_applications.ogg","url":"https://api.media.ccc.de/public/recordings/2154","event_url":"https://api.media.ccc.de/public/events/import-37514cebcac18da418","conference_url":"https://api.media.ccc.de/public/conferences/25c3"},{"size":461,"length":3607,"mime_type":"video/mp4","language":"eng","filename":"25c3-2678-en-vulnerability_discovery_in_encrypted_closed_source_php_applications.mp4","state":"downloaded","folder":"video_h264_720x576","high_quality":true,"width":720,"height":576,"updated_at":"2016-01-27T11:03:30.382+01:00","recording_url":"https://cdn.media.ccc.de/congress/2008/video_h264_720x576/25c3-2678-en-vulnerability_discovery_in_encrypted_closed_source_php_applications.mp4","url":"https://api.media.ccc.de/public/recordings/2153","event_url":"https://api.media.ccc.de/public/events/import-37514cebcac18da418","conference_url":"https://api.media.ccc.de/public/conferences/25c3"},{"size":461,"length":3607,"mime_type":"video/webm","language":"eng","filename":"25c3-2678-en-vulnerability_discovery_in_encrypted_closed_source_php_applications.webm","state":"downloaded","folder":"webm","high_quality":true,"width":720,"height":576,"updated_at":"2016-01-27T11:03:30.414+01:00","recording_url":"https://cdn.media.ccc.de/congress/2008/webm/25c3-2678-en-vulnerability_discovery_in_encrypted_closed_source_php_applications.webm","url":"https://api.media.ccc.de/public/recordings/2152","event_url":"https://api.media.ccc.de/public/events/import-37514cebcac18da418","conference_url":"https://api.media.ccc.de/public/conferences/25c3"}]}