As a security professional, I find myself doing more malware removal from websites that are run using either WordPress, Joomla or Drupal. Most of what I find are php files that are riddled with base64 code. This code is great for threat actors to hide their invasive malware from malware scanners. I want to show you how to find this code and show what is hidden in your php files.
As a penetration tester I have many tools that I use to help with web application testing, but the one tool that never lets me down is Burp suite by portswigger. Burp suite is an intercepting proxy that allows you to modify and inspect web traffic, it comes in two flavors, free and paid. The… Read More »Burp Series: Intercepting and modifying made easy