Oracle Anti Hacker Training

Products
Repscan 2008
PLSQL-Scanner
Hedgehog Enterpise
Checkpwd (free)

Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Videos
Scripts

News & Events
Events
News

Company
Blog
Contact
People
Partner
Impressum
Sitemap

Oracle Anti Hacker Training (5 days)

Overview

Know your enemy is important if you are responsible for the protection of Oracle databases and application server. In this session you learn various tricks of Oracle Hacker and the appropriate countermeasure.

Course Pre-requisites

Students should have a good knowledge of Oracle databases (e.g. DBA)

Course Language

German or English

Course Material

English course notes
Scripts
Free Security Software

Course Duration

5 days

Next training dates

18-May to 22-May 2008 - english training (5 days) - (Dubai)
26-May to 30-May 2008 - german training hosted by Opitz Consulting (5 days) - (Gummersbach, Germany)
11-June to 13-June 2008 - english training (3 days) - (Genf, Switzerland)
06-July to 10-July 2008 - english training (5 days) - (Dubai)
1-September to 5-September 2008 - english training (5 days) - (Maryland, USA)
24-November to 28-November 2008 - german training hosted by Opitz Consulting (5 days) - (Gummersbach, Germany)

Customized inhouse training (2-5 days) are always possible. Please ask for details.

Table of Content

Oracle Security Information

Oracle Security related Websites (Where to find Exploits, Gossip....)
Books (Useful Oracle Security books)
Metalink Hacking (Find unknown/unpublished security bugs in Metalink)
Google Hacking of Oracle Technologies

Security Basics

Secure Oracle Architecture (Client, Server, Application Server, Backup/Recovery...)
Oracle Security Features (Audit, Encryption, ASO, VPD, OLS...)
Encryption (Concepts, Network, Database...)
Privileges
Audit (Concept, what...)
Forensics
D.o.S. - Denial of Service (Concepts, TNS-Listener, database, database user, oid...)
Buffer Overflows (Concepts, Packages, SQL functions...)
SQL Injection (Concepts, Packages, Trigger, Webapplication...)
Cross Site Scripting (Concepts, How to use...)
Tools (Scripts, Oracle Security Scanner, Free and commercial software ...)

Database

Attack Scenarios
Overview Security Windows (Services, Patches...)
Overview Security Unix (X11, Services, Patches...)
File Permission (Common Issues, Become Root... )
Listener (TNS, MTS, XMLSDB, Exploits, Securing Listeners...)
Network Sniffing & Tracing (Ethereal/Wireshark, Tracing, ASO...)
Reading and stealing files (Export, archive, utl_file, dbms_lob...)
Creating Files ( utl_file, external tables, dbms_advisory, Java, ...)
Oracle Database Passwords (Brute Force Cracker, Password Algorithm, hashkeys...)
Other Oracle Passwords (modplsql, CMDSK, changing, decrypting...)
Execute OS commands (Java, Extproc, undocumented Procedures...)
Database Encryption (Decrypt Data, Steal encryption keys, Circumvent Encryption, sort_area_size, Reverse Engineering Key Algorithms)
PLSQL (Wrapping, Unwrapping PLSQL, Patching wrapped procedures, ...)
XMLDB (D.o.S, XSS, ...)
Backdoors (How to Implement, Find)
Become DBA (several ways to become DBA)
Components
- HTMLDB
- XMLDB
- Enterprise Manager
- Database Control / Grid Control
- iSQLPlus
Hardening Oracle Database (Approach, where to start, top-5-issues, Keep the database secure...)

Oracle Clients

Attack Scenarios
Passwords & Accounts (Handling, Roaming, Decryption, ...)
Client Startup Files
SQL Logging
Temp Files
Analysing various Oracle Clients
Using Backtrack2
Hardening Oracle Client

Advanced Topics

Oracle Rootkits (Concepts, V1, V2,Create invisible users, data dictionary hacks, modify packages, ...)
Oracle Viruses (Concepts)
Oracle Forensics
Hacking Oracle Database Vault
Hacking Transparent Data Encryption (TDE)
Using Repscan
Using Sentrigo Hedgehog