header image
Welcome to SyntheticBytes!
Written by Paul   
Nov 19, 2011 at 07:52 AM

ImageThank you for your visit. After more than 6 years I'm back online and I'm making efforts to rebuild the SyntheticBytes site with your support and the Mambo engine. It will be a site about software, IT security, Oracle database and friends. You will soon have the option to contribute and also to comment, to vote or to create your own membership.

I have completed successfully the installation of the Mambo files and now I'm editing the content.


New updates to come...

Write Comment (2 comments)
Last Updated ( Nov 26, 2011 at 05:33 PM )
Read more...
Introduction to Oracle Rootkits
Written by Paul   
Nov 17, 2011 at 07:34 AM

This is a short form of the paper:
"Stealth Database Attacks: Oracle Rootkits"
I've presented on SECITC'11 - 17-18 Nov. 2011


 Abstract: We know that in the last years many databases from Fortune 500 companies were compromised causing lots of money losses. Security researchers have to deal today with sophisticated attacks leaving almost no traces or extremely difficult to detect. From the runtime patching presented in 2002 or the rudimentary altered internal views to the BlackHat presentations from 2005 - officially documenting the first generation of database rootkits or the SANS institute report about "An Assessment of the Oracle Password Hashing Algorithm" describing the potential of a passive attack against Oracle the stealth attacks evolved so much. We're discussing today about "In-memory Backdoors", direct access to database memory or what's considered to be now: the 3rd generation of rootkits - a huge potential for database stealth attacks techniques. This paper will discuss the stealth data theft problem focusing on Oracle database; we will show actual information about stealth attacks and why we should care about every minor detail on machines running a RDBMS.

NOTE: The views expressed in this paper are my own and do not necessarily reflect the views of Oracle Corp.

Write Comment (0 comments)
Last Updated ( Dec 21, 2011 at 04:44 PM )
Read more...
Fuzzing Oracle Database
Written by Paul   
Dec 12, 2011 at 07:25 AM

An introduction to fuzzer technique with Oracle RDBMS

The Wikipedia is defining fuzzer technique this way (http://en.wikipedia.org/wiki/Fuzz_testing):
 
"Fuzz testing or fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes or failing built-in code assertions. Fuzzing is commonly used to test for security problems in software or computer systems."

This could be considered as a rogue technique similar to brute forcing a password or flooding a target.

Write Comment (2 comments)
Last Updated ( Dec 21, 2011 at 04:17 PM )
Read more...
<< Start < Previous 1 2 Next > End >>

Would you like to be involved in the Mambo Open Source project? Join the Mambo Foundation or become a member of Team Mambo. Learn more by visiting Mambo-Foundation.org.
Polls
The most influential person in technology in the last 25 years is...
  
Who's Online
We have 1 guest online