Presentation: Code Obfuscation, PHP shells & more: what hackers do once they get passed your code

Mattias Geniar, Monday, March 31, 2014 - last modified: Thursday, September 14, 2017

I recently gave a presentation titled "Code Obfuscation, PHP shells & more: what hackers do once they get passed your (PHP) code". I've received positive feedback, which is why I think this may be worth sharing. This presentation is based on nearly a decade of experience working at

Any comments are greatly appreciated.

If the presentation embed doesn't work, it's viewable online at:

If you'd like to hear this presentation again on a User Group or conference, let me know via @mattiasgeniar or via mail at

Hi! My name is Mattias Geniar. I'm a Support Manager at Nucleus Hosting in Belgium, a general web geek & public speaker. Currently working on DNS Spy & Oh Dear!. Follow me on Twitter as @mattiasgeniar.

Share this post

Did you like this post? Will you help me share it on social media? Thanks!


Stéphan Saturday, April 5, 2014 at 18:06 - Reply

Just thought I’d stop by and thank you for this awesome share!

I’ve been dealing with largely the same issues these past 4 years.
And have found some great solutions to proactively protect customers that are either too lazy to update their CMS / plugins, or are stuck with an old version because of dependencies.

I’ll add to this by sharing some code deobfuscators I’ve found over these years:

Leave a Reply

Your email address will not be published. Required fields are marked *