fr | en
image

Oracle Anti-Hacker Training, June 11 to 13, 2008

Location: Geneva, Switzerland.

Price: 2950 CHF (including lunch, lecture notes (1000 pages), scripts and tools

Prerequisite: Knowledge of Oracle Databases

Maximum number of participants: 10

Registration: online form

The training is given in english by Alexander Kornbrust, one of the best specialists of Oracle security. un des meilleurs spécialistes de la sécurité Oracle. His course will cover the following subjects:

  • Oracle Security
    * Oracle Security related Websites (Where to find Exploits, Gossip....)
    * Books (Useful Oracle Security books)
    * Metalink Hacking (Find unknown/unpublished security bugs in Metalink)
    * Google Hacking of Oracle Technologies
  • Security Basics
    * Secure Oracle Architecture (Client, Server, Application Server, Backup/Recovery...)
    * Encryption (Concepts, Network, Database...)
    * Privileges
    * D.o.S. - Denial of Service (Concepts, TNS-Listener, database, database user, oid...)
    * Buffer Overflows (Concepts, Packages, SQL functions...)
    * SQL Injection (Concepts, Packages, Trigger, Webapplication...)
    * Tools (Scripts, Oracle Security Scanner, Free and commercial software ...)
  • Database
    * Attack Scenarios
    * Overview Security Windows (Services, Patches...)
    * Overview Security Unix (X11, Services, Patches...)
    * File Permission (Common Issues, Become Root... )
    * Listener (TNS, MTS, XMLSDB, Exploits, Securing Listeners...)
    * Network Sniffing & Tracing (Ethereal, Tracing, ASO...)
    * Reading and stealing files (Export, archive, utl_file, dbms_lob...)
    * Creating Files ( utl_file, external tables, dbms_advisory, Java...)
    * Oracle Database Passwords (Brute Force Cracker, Password Algorithm, hashkeys...)
    * Other Oracle Passwords (modplsql, CMDSK, changing, decrypting...)
    * Execute OS commands (Java, Extproc, undocumented Procedures...)
    * PLSQL (Wrapping, Unwrapping PLSQL, Patching wrapped procedures, ...)
    * Rootkits (How to Implement, Find)
    * Become DBA (several ways to become DBA)
    * Hardening Oracle Database (Approach, where to start, top-5-issues, Keep the database secure...)
  • Oracle Clients
    * Attack Scenarios
    * Passwords & Accounts (Handling, Roaming, Decryption, ...)
    * Client Startup Files
    * SQL Logging
    * Temp Files
    * Analysing various Oracle Clients
    * Using Windows PE / Knoppix (Create own Oracle Boot-CD)
    * Hardening Oracle Clients

| Audits | Consulting | Training | Products | OS Labs | Contact |

OS Objectif Sécurité SA  Route Cité-Ouest 19  CH-1196  Gland  Tel : +41 22 364 85 70  Fax : +41 22 364 85 79   info@objectif-securite.ch