Dailydave mailing list archives
[Argeniss] Practical 10 minutes security audit: Oracle Case (Paper)
From: Cesar <sqlsec () yahoo com>
Date: Fri, 9 Mar 2007 17:09:47 -0800 (PST)
Hi.

Abstract:

This paper will show an extremely simple technique to quickly audit a software product in order to infer how trustable and secure it is. I will show you step by step how to identify half a dozen local 0day vulnerabilities in a few minutes just by making a couple of clicks on very easy to use free tools; then, for the technical guys' enjoyment, the vulnerabilities will be easily pointed out on disassembled code and detailed; finally, a 0day exploit for one of the vulnerabilities will be demonstrated. While this technique can be applied to any software, in this case I will take a look at the latest version of Oracle Database Server: 10gR2 for Windows, which is an extremely secure product, so it will be a very difficult challenge to find vulnerabilities since Oracle is using advanced next generation tools to identify and fix vulnerabilities.

http://www.argeniss.com/research/10MinSecAudit.zip (PoC exploit included)

Thanks.

Cesar.