<<< Date Index >>>     <<< Thread Index >>>

[Argeniss] Practical 10 minutes security audit: Oracle Case (Paper)



Hi.

Abstract:
This paper will show a extremely simple technique to
quickly audit a software product in order
to infer how trustable and secure it is. I will show
you step by step how to identify half dozen
of local 0day vulnerabilities in few minutes just
making a couple of clicks on very easy to use
free tools, then for the technical guys enjoyment the
vulnerabilities will be easily pointed out
on disassembled code and detailed, finally a 0day
exploit for one of the vulnerabilities will be
demonstrated.
While this technique can be applied to any software in
this case I will take a look at the latest
version of Oracle Database Server: 10gR2 for Windows,
which is a extremely secure product
so it will be a very difficult challenge to find
vulnerabilities since Oracle is using advanced next
generation tools to identify and fix vulnerabilities

http://www.argeniss.com/research/10MinSecAudit.zip
(PoC exploit included)

Thanks.

Cesar.



 
____________________________________________________________________________________
Need Mail bonding?
Go to the Yahoo! Mail Q&A for great tips from Yahoo! Answers users.
http://answers.yahoo.com/dir/?link=list&sid=396546091