Products
Repscan 2.5
Hedgehog Enterprise
Checkpwd (free)

Red-Database-Security GmbH is specialized in Oracle Security

Products
Repscan 2.5
Hedgehog Enterprise
Checkpwd (free)

Services
Oracle Audit / Hardening
Security Training
Consulting

Information
Oracle Security Blog
Published Alerts
Upcoming Alerts
Patch Information
Whitepaper
Presentations
Oracle Fact Sheets
Exploits
Tutorials
Videos
Scripts

News & Events
Events
News

Company
Contact
People
Partner
Impressum
Sitemap


Search



Search Red-Database-Security

Oracle Anti Hacker Training (5 days)


Overview

Know your enemy is important if you are responsible for the protection of Oracle databases and application server. In this session you learn various tricks of Oracle Hacker and the appropriate countermeasure.

Course Pre-requisites
  • Students should have a good knowledge of Oracle databases (e.g. DBA)
Course Language
  • German or English
Course Material
  • English course notes
  • Scripts
  • Free Security Software
Course Duration
  • 5 days
Next training dates
  • TBD

Customized inhouse training (2-5 days) are always possible. Please ask for details.

Table of Content

Oracle Security Information
  • Oracle Security related Websites (Where to find Exploits, Gossip....)
  • Books (Useful Oracle Security books)
  • Metalink Hacking (Find unknown/unpublished security bugs in Metalink)
  • Google Hacking of Oracle Technologies
Security Basics
  • Secure Oracle Architecture (Client, Server, Application Server, Backup/Recovery...)
  • Oracle Security Features (Audit, Encryption, ASO, VPD, OLS...)
  • Encryption (Concepts, Network, Database...)
  • Privileges
  • Audit (Concept, what, bypassing...)
  • Forensics
  • D.o.S. - Denial of Service (Concepts, TNS-Listener, database, database user, oid...)
  • Buffer Overflows (Concepts, Packages, SQL functions...)
  • SQL Injection (Concepts, Packages, Trigger, Webapplication...)
  • Cross Site Scripting (Concepts, How to use...)
  • Tools (Scripts, Oracle Security Scanner, Free and commercial software ...)
Database
  • Attack Scenarios
  • Overview Security Windows (Services, Patches...)
  • Overview Security Unix (X11, Services, Patches...)
  • File Permission (Common Issues, Become Root... )
  • Listener (TNS, MTS, XMLSDB, Exploits, Securing Listeners...)
  • Network Sniffing & Tracing (Wireshark, Tracing, ASO, ...)
  • Reading and stealing files (Export, archive, utl_file, dbms_lob...)
  • Creating Files ( utl_file, external tables, dbms_advisor, Java, ...)
  • Oracle Database Passwords (Brute Force Cracker, Password Algorithm, hashkeys, rainbow tables, ophcrack...)
  • Other Oracle Passwords (modplsql, CMDSK, changing, decrypting...)
  • Execute OS commands (Java, Extproc, undocumented Procedures, ...)
  • Database Encryption (Decrypt Data, Steal encryption keys, Circumvent Encryption, sort_area_size, Reverse Engineering Key Algorithms, TDE)
  • PLSQL (Wrapping, Unwrapping PLSQL, Patching wrapped procedures, ...)
  • XMLDB (D.o.S, XSS, ...)
  • Backdoors (How to Implement, Find)
  • Become DBA (several ways to become DBA)
  • Oracle Components
  • Hardening Oracle Database (Approach, where to start, top-5-issues, Keep the database secure...)
Oracle Clients
  • Attack Scenarios
  • Passwords & Accounts (Handling, Roaming, Decryption, ...)
  • Client Startup Files
  • SQL Logging
  • Temp Files
  • Analysing various Oracle Clients
  • Using Backtrack3
  • Hardening Oracle Client and Workstations

Advanced Topics
  • Oracle Rootkits (Concepts, V1, V2,Create invisible users, data dictionary hacks, modify packages, ...)
  • Oracle Viruses (Concepts)
  • Oracle Forensics
  • Hacking Oracle Database Vault
  • Hacking Transparent Data Encryption (TDE)
  • Orasploit
  • Using Repscan
  • Using Sentrigo Hedgehog



© 2005-2009 by Red-Database-Security GmbH - last update 2-mar-2010
Oracle Anti Hacker Training