Alexander Kornbrust


About speaker:
Alexander Kornbrust is a recognized security consultant and researcher who has specialized in Oracle security since 2001. He is also the founder and CEO of Red-Database-Security GmbH, a company specialized in Oracle security. Red-Database-Security is one of the leading companies in Oracle security. He is responsible for Oracle security audits and Oracle anti-hacker trainings and has given various presentations at security conferences such as Black Hat, Microsoft Bluehat, and IT Underground.

Alexander Kornbrust has worked with Oracle products as an Oracle DBA and Oracle developer since 1992. During the last six years, Alexander has found over 250 security bugs in different Oracle products.

Oracle for pentesters 2007 or how to hack Oracle databases with Backtrack 2.0

In this session you will learn how to pentest Oracle databases with Backtrack 2.0.
The presentation will start with the enumeration of the Oracle database listener and continue with various ways to find the
name of the TNS listener (e.g. with sidguess or XMLDB), brute forcing passwords, checking the quality of Oracle passwords,
and privilege escalation by running PL/SQL exploits and/or patching client DLLs/LIBs.

The talk will also present various useful SQL statements, e.g. how to get the exact patch level, …

After the talk you should be able to do a basic pentest for most Oracle databases.