David Litchfield has an interesting paper that he is going to present at the upcoming Deepsec conference in Vienna.
From David’s blog:
I finished my code for the upcoming Deepsec conference in Vienna (November 20th-23rd). I’m presenting a discussion on memory-resident backdoors in Oracle (I will refrain from calling them “rootkits”). The code I wrote exploits a buffer overflow using ASCII armoured shellcode that dynamically creates a decoder which decodes the backdoor and then executes it.
Very interesting. He also notes that this type of rootkit backdoor is harder to detect that than the typical rootkit. If anyone is going to be attending Deepsec please check out his talk. I caught his talk on Oracle database forensics at Black Hat in Vegas this summer. He announced at tool that he was going to release called FEDS for performing database forensics but, I have not seen it released as of yet.
He’s an excellent presenter.
[tags]Memory Resident Backdoors, Oracle Backdoors, David Litchfield, Hacking Oracle[/tags]