GoSecure Blog

Detecting Hidden Backdoors in PHP OPcache

In this article, we will look at strategies to detect and analyze malware hidden inside an OPcache file. If you haven't read our previous article about hiding a binary webshell inside a PHP7 OPcache file, we suggest reading it before moving on.


Topics: backdoor, opcache, php, php7

Binary Webshell Through OPcache in PHP 7

Update: A follow-up article was published on the detection and the reverse-engineering of those binary web shells.

In this article, we will look at a new exploitation technique using the default OPcache engine from PHP 7. Using this attack vector, we can bypass certain hardening techniques that disallow file write access in the web directory. An attacker could use this to execute their own malicious code in a hardened environment.


Topics: web, exploitation, opcache, php, php7, Featured