A wide variety of video material distributed by the Chaos Computer Club. This feed contains all events from 33c3 as mp3
https://media.ccc.de/c/33c3
Exploiting PHP7 unserialize (33c3)
PHP-7 is a new version of the most prevalent server-side language in use today. Like previous version, this version is also vulnerable to memory corruptions. However, the language has gone through extensive changes and none of previous exploitation techniques are relevant. In this talk, we explore the new memory internals of the language from exploiters and vulnerability researchers point of view. We will explain newly found vulnerabilities in the 'unserialize' mechanism of the language and present re-usable primitives for remote exploitation of these vulnerabilities. about this event: https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/7858.html