Email us! Subscribe to Liquidmatrix!

Memory-Resident Backdoors In Oracle

Author: Dave Lewis
October 31, 2007 at 7:50 am · Filed under Conventions, Data Security

David Litchfield has an interesting paper that he is going to present at the upcoming Deepsec conference in Vienna.

From David’s blog:

I finished my code for the upcoming Deepsec conference in Vienna (November 20th-23rd). I’m presenting a discussion on memory-resident backdoors in Oracle (I will refrain from calling them “rootkits”). The code I wrote exploits a buffer overflow using ASCII armoured shellcode that dynamically creates a decoder which decodes the backdoor and then executes it.

Very interesting. He also notes that this type of rootkit backdoor is harder to detect that than the typical rootkit. If anyone is going to be attending Deepsec please check out his talk. I caught his talk on Oracle database forensics at Black Hat in Vegas this summer. He announced at tool that he was going to release called FEDS for performing database forensics but, I have not seen it released as of yet.

He’s an excellent presenter.

Article Link

Tags: , , ,

Tag It: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Slashdot
  • Technorati
  • SphereIt
  • StumbleUpon
  • Fark
  • YahooMyWeb
  • Furl
  • Spurl
  • Ma.gnolia
  • NewsVine
Related Articles:

  • Oracle 9i/10g Exploit Posted
  • New Oracle Security Blog
  • Oracle Critical January Patches Announced
  • Oracle Plans 46 Patches for Update
  • Does Oracle’s Database Need More Security?

    • Leave a Comment