Bio: László Tóth is working as an IT security consultant and he has more than 9 years experience in this field. He conducted numerous security penetration tests and reviews in highly sensitive environments. László is the developer of the woraauthbf tool which was one of the fastest Oracle password crackers at the time of the publishing. He released several papers about vulnerabilities of the Oracle authentication protocols. His name was mentioned in several CPUs released by Oracle.
Topic of Presentation: Oracle post exploitation techniques
Abstract: After a successful attack against an Oracle database there are several ways how an attacker can step forward. For example he/she can search for sensitive information in the database or can use the features of the database to attack further systems. In the presentation after a quick summary of the well known techniques own research results will be discussed. It will be detailed how the oracle process can be modified to extract sensitive information. It will be also discussed how the remote job scheduling feature of the Oracle can be used to step forward during an attack. A self developed tool set will demonstrate the previously detailed techniques.