If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.
But if you know the enemy and know yourself you need not fear the result of a hundred battles.
The art of war (Sun Tzu)
Introduction
I
gave a presentation at the Hacktivity
2010
which details
the following topics:
All of the codes should be considered as a proof of concept code and use them for own responsibility.
Links:
Presentation
Flash demo for the injection part
Flash demor for the TDE part
Tools:
PoC code for TDE part (demonstration purpose only, use at your own responsibility)
More will come...
- How to attack the encryption features in Oracle database with DLL injection on Windows and Linux
- How TDE (Transparent Database Encryption) feature works and demonstration of a toolset that can be used to decrypt the TDE encrypted data
- An initial analyzes of the security of the Remote Job Scheduling feature
All of the codes should be considered as a proof of concept code and use them for own responsibility.
Links:
Presentation
Flash demo for the injection part
Flash demor for the TDE part
Tools:
PoC code for TDE part (demonstration purpose only, use at your own responsibility)
More will come...
Disclaimer
The
views, opinions and
thoughts in this homepage are the views, opinions and thoughts of the
writer of this homepage and do not represent the views, opinions or
thoughts of any past or current employer of the writer or any other
third person. The content is provided 'as is' without warranty of any
kind. Use at your own responsibility. Laszlo
may be contacted on donctl@gmail.com.