[Argeniss] Practical 10 minutes security audit: Oracle Case (Paper) Mar 10 2007 01:05AM
Cesar (cesarc56 yahoo com)

This paper will show a extremely simple technique to
quickly audit a software product in order
to infer how trustable and secure it is. I will show
you step by step how to identify half dozen
of local 0day vulnerabilities in few minutes just
making a couple of clicks on very easy to use
free tools, then for the technical guys enjoyment the
vulnerabilities will be easily pointed out
on disassembled code and detailed, finally a 0day
exploit for one of the vulnerabilities will be
While this technique can be applied to any software in
this case I will take a look at the latest
version of Oracle Database Server: 10gR2 for Windows,
which is a extremely secure product
so it will be a very difficult challenge to find
vulnerabilities since Oracle is using advanced next
generation tools to identify and fix vulnerabilities

(PoC exploit included)



Need Mail bonding?
Go to the Yahoo! Mail Q&A for great tips from Yahoo! Answers users.

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus