[ mainpage :: register :: conference :: training :: the venue ]
[ capture the flag (CTF) :: zone-h/hitb hacking challenge :: bzflag ]
[ call for papers (CFP) :: conference agenda :: sponsors :: press/media :: forum ]
[ conference kit (PDF) :: past conferences :: contact us ]

Keynote Videos Now Available for Download

Day 1 Keynote: Bruce Schneier - Schneier on Security
Day 2 Keynote: Jeremiah Grossman - Hacks Happen

TECH TRAINING 5 - Hacking and Hardening Oracle

Filed under: Main Page — Administrator @ 12:10 pm

Title: Hacking and Hardening Oracle
Trainers: Alexander Kornbrust (Founder, Red Database Security GmbH)
Capacity: 20 pax
Seats left: 9
Duration: 2 days
Cost: (per pax) USD1499 (early bird) / USD1799 (non early-bird)



This training is a crash course in Oracle security. The attendees will learn the latest techniques to do a pentest against Oracle databases (find vulnerabilities, unsecure configuration, passwords), analyze (custom) PL/SQL applications for vulnerabilities and how to harden Oracle databases. Common attacking techniques (Oracle rootkits and backdoors, Oracle Client attacks) and the appropriate countermeasures are also part of this training.

Day 1

* Introduction
* Oracle Basics (Oracle Architecture, Oracle Products, Oracle Features)
==> Exercise: connect to the database, use sqlplus, sqldeveloper
* Passwords
==> Exercise: Find passwords, crack Oracle database passwords
* SQL-Injection (Web, Database, C/S)
==> Exercise: Privilege Escalation via SQL Injection, Information Retrieval via SQL Injection
* Hacking mod_plsql
==> Exercise: Hack mod_plsql Apps
* Google Hacking for Oracle
==> Exercise: Find vulnerable websites with Google
* Hardening Oracle 10g R2

Day 2

* PL/SQL Programming Basics (Execute programs, read/write files)
==> Exercise: Create files, read files, execute programs, …
* PL/SQL-Source-Code Analysis
==> Exercise: Find Security bugs in PL/SQL code
* Oracle Client attacks
==> Exercise: modifying startup files, finding passwords, …
* IDS Evasion
==> Exercise: Bypass Snort and other Oracle IDS
* Oracle Rootkits & Backdoors
==> Install and detect RK
* Oracle Forensics
==> Excercise: Analysis Logfiles, Audit-log
* Oracle Capture-The-Flag


* Laptop with Windows, Linux or MacOS
* Oracle Instant Client (http://www.oracle.com/technology/software/tech/oci/instantclient/index.html)
* Oracle SQL Developer (http://www.oracle.com/technology/software/products/sql/index.html)
* Webbrowser

Note: The BackTrack 2 CD could be used. BT2 contains an Oracle Instant Client and some Oracle tools.

About Alexander

Alexander Kornbrust is the founder and CEO of Red-Database-Security GmbH, a company specialized in Oracle security. Red-Database-Security is one of the leading companies in Oracle security. He is responsible for Oracle security audits and Oracle Anti-hacker trainings and gave various presentations on security conferences like Black Hat, Defcon, Bluehat, IT Underground and Syscan. Alexander has worked with Oracle products as an Oracle DBA and Oracle developer since 1992. During the last six years, Alexander reported over 320 security bugs in different Oracle products.

Event Organizer

Hack In The Box (M) Sdn. Bhd.

Event Partner



Supported & Endorsed By

UAE Telecommunications Regulatory Authority (TRA)

Malaysian Communications and Multimedia Commission (MCMC)

Malaysian Administrative Modernisation & Management Planning Unit

Platinum Sponsors

Titanium Sponsor (Post Conference Reception)


Gold Sponsors


Microsoft Corporation

Official Media Partner (Magazine)

Network Middle East

Arabian Computer News

ITP Business

Official Airline Partner

Emirates Airlines

Our Speakers are Supported By

Bellua Asia Pacific

Supporting Media:

Virus Bulletin

Virus Bulletin (VB)

InfoSec News

(ISN) InfoSec News

InfoSec News

XAKEP (Russia)

Insecure Magazine

PHRACK Magazine

Hakin9 Magazine

Supporting Organizations


ISECOM - Insititue for Security and Open Methodologies

ISACA Malaysia

IT Underground

X-Focus China

Zone-H Defacement Mirror

Xatrix Security

Special Interest Group in Security & Information InteGrity Singapore