Deemed ‘the write-only programming language’ by many, Perl has served its purpose well as a successful subject for less successful programmer jokes. Its self-obfuscating ‘TMTOWTDI’ syntax is one of the top reasons for sysadmin PTSD, nervous breakdowns, and marriage problems.
Sadly, it is 2014 and Perl still maintains a top-10 position in programming language popularity indexes – sometimes higher than JavaScript. This can be attributed to the fact that it is the underlying platform running many applications still widespread today, such as ‘cPanel’ or ‘Bugzilla’, as well as high-profile web sites such as Craigslist, IMDb, Slashdot, DuckDuckGo and TicketMaster, among others.
This talk will spawn a wormhole 20 years into the past, and dive into some of the more hazardous and fundamental language quirks (WAT-style), walking the audience through the discovery of vulnerable core modules and the implementation of a new exploitation technique (branding and logo included!). Using this technique, we unleash a Pandora’s box of exploits for vulnerabilities hidden under the surface for years, in some of the most popular Perl-based projects in the world. Hilarity ensuance guaranteed.