Propaganda
==========

This page lists various mentions, articles, usages and presentations about Snuffleupagus.

Talks
-----

2017
""""

- `BerlinSide0x08 <https://berlinsides.org/?page_id=2168>`_ - `slides <https://github.com/jvoisin/snuffleupagus/blob/master/slides/berlinsides_2017.pdf>`__
- `Hack.lu 2017 <https://2017.hack.lu/talks/>`_ - `slides <https://github.com/jvoisin/snuffleupagus/blob/master/slides/hacklu_2017.pdf>`__ - `video <https://www.youtube.com/watch?v=RzaRiuJ6MkI>`__
- `BlackAlps <https://blackalps.ch/2017program.php>`_ - `slides <https://github.com/jvoisin/snuffleupagus/blob/master/slides/blackalps_2017.pdf>`__ - `video <https://www.youtube.com/watch?v=2GeUnOzDGxc>`__

2018
""""

- `Pass the Salt <https://2018.pass-the-salt.org/schedule/#snuffleupagus>`_ - `slides <https://github.com/jvoisin/snuffleupagus/blob/master/slides/passthesalt_2018.pdf>`__ - `video <https://passthesalt.ubicast.tv/videos/snuffleupagus-killing-bug-classes-and-virtual-patching-the-rest/>`__
- `44con <https://44con.com/44con/44con-2018/44con-2018-talks/>`__ - `slides <https://github.com/jvoisin/snuffleupagus/blob/master/slides/44con_2018.pdf>`__

2020
""""

- `Modern PHP security - sec4dev 2020, Vienna - Synacktiv <https://www.synacktiv.com/ressources/modern_php_security_sec4dev.pdf>`__ - `sec4dev 2020 <https://sec4dev.io/2020>`__

Mentions
--------

2017
""""

- `Habr - PHP-Дайджест № 118 – свежие новости, материалы и инструменты <https://habr.com/en/company/zfort/blog/339630/>`__ (ru) - Habr
- `Intrinsec's blog - Hack.lu 2017 <https://securite.intrinsec.com/2017/10/20/hack-lu-2017/>`__ (fr) - Intrinsec's blog
- `Paragon Initiative Enterprises Blog - The 2018 Guide to Building Secure PHP Software <https://paragonie.com/blog/2017/12/2018-guide-building-secure-php-software>`__

2018
""""

- `Habr - PHP-Дайджест № 138 <https://habr.com/en/company/zfort/blog/422069/>`__ (ru) - Habr
- `PhpStorm's blog - PHP Annotated Monthly <https://blog.jetbrains.com/phpstorm/2018/08/php-annotated-monthly-august-2018/>`__ - PhpStorm's blog
- `PHP Weekly <http://www.phpweekly.com/archive/2018-02-08.html>`__
- `New variant in wp-gdpr-compliance vulnerability and fixing it with virtual
  patching <https://medium.com/alertot/new-variant-in-wp-gdpr-compliance-vulnerability-and-fixing-it-with-virtual-patching-4b72d7496c1c>`__
  - alertot

2019
""""

- `PhpStorm's blog - PHP Annotated <https://blog.jetbrains.com/phpstorm/2019/07/php-annotated-july-2019/>`__ - PhpStorm's blog
- `Habr - PHP-Дайджест № 160 <https://habr.com/ru/post/460022/>`__ (ru) - Habr


2020
""""

- `Modern PHP Security Part 2: Breaching and hardening the PHP engine <https://labs.detectify.com/2020/08/20/modern-php-security-part-2-breaching-and-hardening-the-php-engine/>`__ - Detectify's blog

2021
""""

- `Habr - PHP Дайджест № 196 <https://habr.com/ru/post/536726/>`__ (ru) - Habr
- `OWASP's PHP Configuration Cheat Sheet <https://cheatsheetseries.owasp.org/cheatsheets/PHP_Configuration_Cheat_Sheet.html#snuffleupagus>`__ - OWASP



Articles
--------


2017
""""

- `Killing php bug classes at berlinsides <https://dustri.org/b/killing-php-bug-classes-at-berlinsides.html>`__ - dustri.org
- `Snuffleu…what? <https://fr33tux.org/post/snuffleupagus/>`__ - fr33tux.org
- `Behold the Snuffleupagus <https://memze.ro/posts/behold-the-snuffleupagus/>`__ - memze.ro
- `How to harden AdwCleaner’s web backend using PHP <https://blog.malwarebytes.com/security-world/technology/2017/12/harden-adwcleaner-php-web-backend/>`__ - Malwarebytes' blog
- `First release of Snuffleupagus <https://dustri.org/b/first-release-of-snuffleupagus.html>`__ - dustri.org
- `PHP Magazine <http://phpmagazine.net/2017/11/snuffleupagus-experimental-security-module-for-php7.html>`__ - phpmagazine.net

2018
""""

- `Snuffleupagus 0.3.0 - Dentalium elephantinum <https://dustri.org/b/snuffleupagus-030-dentalium-elephantinum.html>`__  - dustri.org
- `Snuffleupagus version 0.3.0 - Dentalium elephantinum <https://linuxfr.org/news/snuffleupagus-version-0-3-0-dentalium-elephantinum>`__ (fr) - LinuxFr

2019
""""

- `Проект Snuffleupagus развивает PHP-модуль для блокирования уязвимостей <https://www.opennet.ru/opennews/art.shtml?num=51031>`__ (ru) - opennet.ru
- `What the f*ck is a Snuffleupagus?  <https://medium.com/@live_the_dream/what-the-f-ck-is-a-snuffleupagus-f838fb64f857>`__ - Living The Dream
- `Snuffleupagus: Open source security tool hardens PHP sites against cyber-attacks <https://portswigger.net/daily-swig/snuffleupagus-open-source-security-tool-hardens-php-sites-against-cyber-attacks>`__ - The Daily Swig
- `Snuffleupagus versus recent high-profile vulnerabilities <https://dustri.org/b/snuffleupagus-versus-recent-high-profile-vulnerabilities.html>`__ - dustri.org

2020
""""

- `Snuffleupagus, un excelente módulo para bloquear vulnerabilidades en aplicaciones PHP <https://www.linuxadictos.com/snuffleupagus-un-excelente-modulo-para-bloquear-vulnerabilidades-en-aplicaciones-php.html>`__ (es) - linuxadictos.com
- `Выпуск Snuffleupagus 0.5.1, модуля для блокирования уязвимостей в PHP-приложениях <https://www.opennet.ru/opennews/art.shtml?num=53211>`__ (ru) - opennet.ru
- `Snuffleupagus versus recent high-profile vulnerabilities, again! <https://dustri.org/b/snuffleupagus-versus-recent-high-profile-vulnerabilities-again.html>`__ - dustri.org
- `Snuffleupagus, módulo para bloquear vulnerabilidades en aplicaciones PHP <https://underc0de.org/foro/seguridad-en-servidores/snuffleupagus-modulo-para-bloquear-vulnerabilidades-en-aplicaciones-php/>`__ (es) - underc0de.org

2021
""""

- `Sortie de Snuffleupagus 0.7.0 - Los Elefantes <https://linuxfr.org/news/sortie-de-snuffleupagus-0-7-0-los-elefantes>`__ (fr) - LinuxFr
- `Virtual patching CVE-2021-29447 with Snuffleupagus <https://dustri.org/b/virtual-patching-cve-2021-29447-with-snuffleupagus.html>`__ - dustri.org

2022
""""

- `Lightweight post-exploitation hardening in PHP via call-site freezing and
  ghetto-CFI with Snuffleupagus
  <https://dustri.org/b/lightweight-post-exploitation-hardening-in-php-via-call-site-freezing-and-ghetto-cfi-with-snuffleupagus.html>`__ - dustri.org

Papers
------

- `Sécurisez vos applications php avec Snuffleupagus <https://connect.ed-diamond.com/GNU-Linux-Magazine/GLMF-213/Securisez-vos-applications-PHP-avec-Snuffleupagus>`__ (fr) (paywall) - 2018-03-2018


Notable users
-------------

- `AdwCleaner <https://www.malwarebytes.com/adwcleaner/>`__'s backend - a notorious anti-PUP
- `Alertot <https://www.alertot.com/>`__ - a Chilean continuous web security monitoring company
- `Control Web Panel <https://control-webpanel.com/>`__ - a free modern and intuitive control panel for servers and VPS
- `Mangadex <https://mangadex.dev/mangadex-v5-infrastructure-overview/>`__ - a major manga website
- `NBS System <https://www.nbs-system.com/>`__ - a French hosting/security company and author of Snuffleupagus
- `Net4All <https://net4all.ch/>`__ - a Swiss hosting company
- `Oceanet Technology <https://www.oceanet-technology.com/>`__ - a French hosting company
- The `Swedish team <https://ccdcoe.org/news/2021/sweden-scored-highest-at-the-cyber-defence-exercise-locked-shields-2021/>`__
  in the `NATO <https://www.nato.int/>`__ `CCDCOE <https://ccdcoe.org/>`__
  `Locked Shields <https://ccdcoe.org/exercises/locked-shields/>`__ exercise
- `SwissCenter <https://swisscenter.com>`__ - a Swiss datacenter & web hosting company
- `Toolslib <https://toolslib.net/>`__ - an `Alexa top 10k <https://www.alexa.com/siteinfo/toolslib.net>`__ website
- `cPanel <https://cpanel.net/>`__ - one of the most popular web hosting control panels