If you don't know neither the enemy nor yourself, you will sucumb in every battle.
If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.
But if you know the enemy and know yourself you need not fear the result of a hundred battles.
The art of war (Sun Tzu)
Oracle DLL injection,TDE, Remote Job Scheduling

Introduction

I gave a presentation at the Hacktivity 2010 which details the following topics:
  • How to attack the encryption features in Oracle database with DLL injection on Windows and Linux
  • How TDE (Transparent Database Encryption) feature works and demonstration of a toolset that can be used to decrypt the TDE encrypted data
  • An initial analyzes of the security of the Remote Job Scheduling feature
The PoC codes (rorakit) and flash demos will be released soon.

All of the codes should be considered as a proof of concept code and use them for own responsibility.

Links:

Presentation
Flash demo for the injection part
Flash demor for the TDE part

Tools:

PoC code for TDE part (demonstration purpose only, use at your own responsibility)
More will come...
Disclaimer
The views, opinions and thoughts in this homepage are the views, opinions and thoughts of the writer of this homepage and do not represent the views, opinions or thoughts of any past or current employer of the writer or any other third person. The content is provided 'as is' without warranty of any kind. Use at your own responsibility.  Laszlo may be contacted on donctl@gmail.com.