Joxean Koret - Database Security Paradise [Rooted CON 2011]

RootedCON
RootedCONRootedCON
Database's Security Paradise Joxean Koret
Security in Databases ,[object Object],[object Object],[object Object],[object Object]
Focus of the talk ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Steps in Vulnerability Discovery ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Local Vulnerabilities in Database Software
Unidata
Stupid vulnerabilities ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Send SIGUSR2 signal to any process
Unidata's SIGUSR2 bug ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Ingres
Bugs from the past: Ingres ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Welcome to '70s!
verifydb multiple stack overflows ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
wakeup stack overflow ,[object Object],[object Object],[object Object],[object Object],[object Object]
II_INSTALLATION environment variable ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Ingres Developers...
MySQL Client
MySQL: Client Tools ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
MySQL Client Tools ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Stupid bug #1
Stupid bug #2
Stupid bug #2
(Remote) Stupid bug #3
MySQL Client Tools Bugs ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
IBM DB2
IBM DB2 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Local privilege escalation
IBM DB2 Escalation of Privileges ,[object Object],[object Object],[object Object],[object Object]
IBM DB2 Escalation of Privileges ,[object Object],[object Object],[object Object]
IBM DB2 Escalation of Privileges ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
IBM DB2 Escation of Privileges ,[object Object],[object Object],[object Object],[object Object]
Oracle
Oracle Database Server ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
CVE-2008-2613 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
CVE-2008-2613 Example ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Informix
Informix Dynamic Server ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
onedcu informix to root EoP ,[object Object],[object Object],[object Object],[object Object],[object Object]
Function ifmx_dlopen ,[object Object]
Path to ifmx_dlopen function
Path to gl_init_glu ,[object Object],[object Object],[object Object]
Initgls function ,[object Object]
onedcu suid root EoP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Informix EoP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Remote Vulnerabilities
Remote Vulnerabilities ,[object Object],[object Object],[object Object],[object Object]
Unidata
Rocket U2 Uni RPC Service Remote Code Execution Vulnerability ,[object Object],[object Object],[object Object],[object Object],[object Object]
ZDI-10-294 ,[object Object],[object Object]
ZDI-10-294 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
ZDI-10-294 ,[object Object],[object Object],[object Object]
IBM DB2
IBM DB2 ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
IBM DB2 Remote DOS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
IBM DB2 Remote DOS ,[object Object],[object Object],[object Object],[object Object],[object Object]
IBM DB2 'repeat' Heap Overflow ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
IBM DB2 Notes ,[object Object],[object Object],[object Object]
Informix
Informix Dynamic Server ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Informix Remote DOS POC ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Informix Remote DOS ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
SET Environment Stack Overflow ,[object Object],[object Object],[object Object]
POC ,[object Object],[object Object],[object Object],[object Object]
Informix start_onpload RCI ,[object Object],[object Object],[object Object],[object Object]
 
Informix start_onpload RCE ,[object Object],[object Object],[object Object],[object Object]
Informix Notes ,[object Object],[object Object],[object Object]
Conclussions ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Search for bugs ;)
 
1 of 70

Joxean Koret - Database Security Paradise [Rooted CON 2011]

Download to read offline
RootedCON
RootedCONRootedCON

Recommended

Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2... by
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...
Raúl Siles - Browser Exploitation for Fun and Profit Revolutions [RootedCON 2...RootedCON
2.3K views29 slides
Wtf is happening_inside_my_android_phone_public by
Wtf is happening_inside_my_android_phone_publicWtf is happening_inside_my_android_phone_public
Wtf is happening_inside_my_android_phone_publicJaime Blasco
2.8K views32 slides
Eloi Sanfelix - Hardware security: Side Channel Attacks [RootedCON 2011] by
Eloi Sanfelix - Hardware security: Side Channel Attacks [RootedCON 2011]Eloi Sanfelix - Hardware security: Side Channel Attacks [RootedCON 2011]
Eloi Sanfelix - Hardware security: Side Channel Attacks [RootedCON 2011]RootedCON
2.4K views45 slides
Francisco Jesús Gómez + Carlos Juan Diaz - Cloud Malware Distribution: DNS wi... by
Francisco Jesús Gómez + Carlos Juan Diaz - Cloud Malware Distribution: DNS wi...Francisco Jesús Gómez + Carlos Juan Diaz - Cloud Malware Distribution: DNS wi...
Francisco Jesús Gómez + Carlos Juan Diaz - Cloud Malware Distribution: DNS wi...RootedCON
7.1K views62 slides
Sergi Álvarez + Roi Martín - radare2: From forensics to bindiffing [RootedCON... by
Sergi Álvarez + Roi Martín - radare2: From forensics to bindiffing [RootedCON...Sergi Álvarez + Roi Martín - radare2: From forensics to bindiffing [RootedCON...
Sergi Álvarez + Roi Martín - radare2: From forensics to bindiffing [RootedCON...RootedCON
1.8K views23 slides
Threat stack aws by
Threat stack awsThreat stack aws
Threat stack awsJen Andre
1.6K views83 slides

More Related Content

What's hot

Breaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo by
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoBreaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoShakacon
2.9K views70 slides
Codetainer: a Docker-based browser code 'sandbox' by
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'Jen Andre
3.8K views30 slides
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ... by
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...RootedCON
913 views40 slides
"A rootkits writer’s guide to defense" - Michal Purzynski by
"A rootkits writer’s guide to defense" - Michal Purzynski"A rootkits writer’s guide to defense" - Michal Purzynski
"A rootkits writer’s guide to defense" - Michal PurzynskiPROIDEA
330 views83 slides
Laura Garcia - Shodan API and Coding Skills [rooted2019] by
Laura Garcia - Shodan API and Coding Skills [rooted2019]Laura Garcia - Shodan API and Coding Skills [rooted2019]
Laura Garcia - Shodan API and Coding Skills [rooted2019]RootedCON
1.5K views13 slides
Defcon 22-colby-moore-patrick-wardle-synack-drop cam by
Defcon 22-colby-moore-patrick-wardle-synack-drop camDefcon 22-colby-moore-patrick-wardle-synack-drop cam
Defcon 22-colby-moore-patrick-wardle-synack-drop camPriyanka Aash
2.3K views49 slides

What's hot(20)

Breaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo by Shakacon
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin VigoBreaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Breaking Vaults - Stealing Lastpass Protected Secrets by Martin Vigo
Shakacon2.9K views
Codetainer: a Docker-based browser code 'sandbox' by Jen Andre
Codetainer: a Docker-based browser code 'sandbox'Codetainer: a Docker-based browser code 'sandbox'
Codetainer: a Docker-based browser code 'sandbox'
Jen Andre3.8K views
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ... by RootedCON
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...
Sheila Ayelen Berta - The Art of Persistence: "Mr. Windows… I don’t wanna go ...
RootedCON913 views
"A rootkits writer’s guide to defense" - Michal Purzynski by PROIDEA
"A rootkits writer’s guide to defense" - Michal Purzynski"A rootkits writer’s guide to defense" - Michal Purzynski
"A rootkits writer’s guide to defense" - Michal Purzynski
PROIDEA330 views
Laura Garcia - Shodan API and Coding Skills [rooted2019] by RootedCON
Laura Garcia - Shodan API and Coding Skills [rooted2019]Laura Garcia - Shodan API and Coding Skills [rooted2019]
Laura Garcia - Shodan API and Coding Skills [rooted2019]
RootedCON1.5K views
Defcon 22-colby-moore-patrick-wardle-synack-drop cam by Priyanka Aash
Defcon 22-colby-moore-patrick-wardle-synack-drop camDefcon 22-colby-moore-patrick-wardle-synack-drop cam
Defcon 22-colby-moore-patrick-wardle-synack-drop cam
Priyanka Aash2.3K views
The day I ruled the world (RootedCON 2020) by Javier Junquera
The day I ruled the world (RootedCON 2020)The day I ruled the world (RootedCON 2020)
The day I ruled the world (RootedCON 2020)
Javier Junquera288 views
Richard wartell malware is hard. let's go shopping!! by Shakacon
Richard wartell malware is hard. let's go shopping!!Richard wartell malware is hard. let's go shopping!!
Richard wartell malware is hard. let's go shopping!!
Shakacon1.8K views
Simplest-Ownage-Human-Observed… - Routers by Logicaltrust pl
Simplest-Ownage-Human-Observed… - Routers Simplest-Ownage-Human-Observed… - Routers
Simplest-Ownage-Human-Observed… - Routers
Logicaltrust pl2.5K views
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac by Priyanka Aash
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attacDefcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Defcon 22-paul-mcmillan-attacking-the-iot-using-timing-attac
Priyanka Aash3.2K views
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у... by Positive Hack Days
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...
Если нашлась одна ошибка — есть и другие. Один способ выявить «наследуемые» у...
Positive Hack Days2.5K views
Automated Malware Analysis and Cyber Security Intelligence by Jason Choi
Automated Malware Analysis and Cyber Security IntelligenceAutomated Malware Analysis and Cyber Security Intelligence
Automated Malware Analysis and Cyber Security Intelligence
Jason Choi1.1K views
44CON London - Attacking VxWorks: from Stone Age to Interstellar by 44CON
44CON London - Attacking VxWorks: from Stone Age to Interstellar44CON London - Attacking VxWorks: from Stone Age to Interstellar
44CON London - Attacking VxWorks: from Stone Age to Interstellar
44CON13.9K views
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ... by PROIDEA
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ..."Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
"Revenge of The Script Kiddies: Current Day Uses of Automated Scripts by Top ...
PROIDEA181 views
Possibility of arbitrary code execution by Step-Oriented Programming by kozossakai
Possibility of arbitrary code execution by Step-Oriented ProgrammingPossibility of arbitrary code execution by Step-Oriented Programming
Possibility of arbitrary code execution by Step-Oriented Programming
kozossakai6.4K views
"Into the Fog The Return of ICEFOG APT" - Chi en (Ashley) Shen by PROIDEA
"Into the Fog The Return of ICEFOG APT" - Chi en (Ashley) Shen"Into the Fog The Return of ICEFOG APT" - Chi en (Ashley) Shen
"Into the Fog The Return of ICEFOG APT" - Chi en (Ashley) Shen
PROIDEA297 views
Abusing Microsoft Kerberos - Sorry you guys don't get it by Benjamin Delpy
Abusing Microsoft Kerberos - Sorry you guys don't get itAbusing Microsoft Kerberos - Sorry you guys don't get it
Abusing Microsoft Kerberos - Sorry you guys don't get it
Benjamin Delpy43.1K views
When is something overflowing by Peter Hlavaty
When is something overflowingWhen is something overflowing
When is something overflowing
Peter Hlavaty6.3K views
How to drive a malware analyst crazy by Michael Boman
How to drive a malware analyst crazyHow to drive a malware analyst crazy
How to drive a malware analyst crazy
Michael Boman1.1K views
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand... by Sergey Gordeychik
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Root via SMS: 4G access level security assessment, Sergey Gordeychik, Alexand...
Sergey Gordeychik514 views

Viewers also liked

Jaime Peñalba - Como defenderse en terreno hostil: Protecciones para la Defco... by
Jaime Peñalba - Como defenderse en terreno hostil: Protecciones para la Defco...Jaime Peñalba - Como defenderse en terreno hostil: Protecciones para la Defco...
Jaime Peñalba - Como defenderse en terreno hostil: Protecciones para la Defco...RootedCON
2.3K views47 slides
Marisol Salanova - Seguridad informática y cibersexo [RootedCON 2011] by
Marisol Salanova - Seguridad informática y cibersexo [RootedCON 2011]Marisol Salanova - Seguridad informática y cibersexo [RootedCON 2011]
Marisol Salanova - Seguridad informática y cibersexo [RootedCON 2011]RootedCON
1.4K views38 slides
David Pérez + José Picó - Un ataque práctico contra comunicaciones móviles [R... by
David Pérez + José Picó - Un ataque práctico contra comunicaciones móviles [R...David Pérez + José Picó - Un ataque práctico contra comunicaciones móviles [R...
David Pérez + José Picó - Un ataque práctico contra comunicaciones móviles [R...RootedCON
2.6K views43 slides
José Selvi - Unprivileged Network Post-Exploitation [RootedCON 2011] by
José Selvi - Unprivileged Network Post-Exploitation [RootedCON 2011]José Selvi - Unprivileged Network Post-Exploitation [RootedCON 2011]
José Selvi - Unprivileged Network Post-Exploitation [RootedCON 2011]RootedCON
1.3K views53 slides
Gianluca D'Antonio - La Gestión de la Seguridad de la Información ante las nu... by
Gianluca D'Antonio - La Gestión de la Seguridad de la Información ante las nu...Gianluca D'Antonio - La Gestión de la Seguridad de la Información ante las nu...
Gianluca D'Antonio - La Gestión de la Seguridad de la Información ante las nu...RootedCON
1.2K views21 slides
José Ramón Palanco - NoSQL Security [RootedCON 2011] by
José Ramón Palanco - NoSQL Security [RootedCON 2011]José Ramón Palanco - NoSQL Security [RootedCON 2011]
José Ramón Palanco - NoSQL Security [RootedCON 2011]RootedCON
1.4K views40 slides

Viewers also liked(19)

Jaime Peñalba - Como defenderse en terreno hostil: Protecciones para la Defco... by RootedCON
Jaime Peñalba - Como defenderse en terreno hostil: Protecciones para la Defco...Jaime Peñalba - Como defenderse en terreno hostil: Protecciones para la Defco...
Jaime Peñalba - Como defenderse en terreno hostil: Protecciones para la Defco...
RootedCON2.3K views
Marisol Salanova - Seguridad informática y cibersexo [RootedCON 2011] by RootedCON
Marisol Salanova - Seguridad informática y cibersexo [RootedCON 2011]Marisol Salanova - Seguridad informática y cibersexo [RootedCON 2011]
Marisol Salanova - Seguridad informática y cibersexo [RootedCON 2011]
RootedCON1.4K views
David Pérez + José Picó - Un ataque práctico contra comunicaciones móviles [R... by RootedCON
David Pérez + José Picó - Un ataque práctico contra comunicaciones móviles [R...David Pérez + José Picó - Un ataque práctico contra comunicaciones móviles [R...
David Pérez + José Picó - Un ataque práctico contra comunicaciones móviles [R...
RootedCON2.6K views
José Selvi - Unprivileged Network Post-Exploitation [RootedCON 2011] by RootedCON
José Selvi - Unprivileged Network Post-Exploitation [RootedCON 2011]José Selvi - Unprivileged Network Post-Exploitation [RootedCON 2011]
José Selvi - Unprivileged Network Post-Exploitation [RootedCON 2011]
RootedCON1.3K views
Gianluca D'Antonio - La Gestión de la Seguridad de la Información ante las nu... by RootedCON
Gianluca D'Antonio - La Gestión de la Seguridad de la Información ante las nu...Gianluca D'Antonio - La Gestión de la Seguridad de la Información ante las nu...
Gianluca D'Antonio - La Gestión de la Seguridad de la Información ante las nu...
RootedCON1.2K views
José Ramón Palanco - NoSQL Security [RootedCON 2011] by RootedCON
José Ramón Palanco - NoSQL Security [RootedCON 2011]José Ramón Palanco - NoSQL Security [RootedCON 2011]
José Ramón Palanco - NoSQL Security [RootedCON 2011]
RootedCON1.4K views
Alejandro Martín + Chema Alonso - Pulveriza tus publicaciones con Dust [Roote... by RootedCON
Alejandro Martín + Chema Alonso - Pulveriza tus publicaciones con Dust [Roote...Alejandro Martín + Chema Alonso - Pulveriza tus publicaciones con Dust [Roote...
Alejandro Martín + Chema Alonso - Pulveriza tus publicaciones con Dust [Roote...
RootedCON1.9K views
Gabriel Gonzalez - Man-In-Remote: PKCS11 for fun and non-profit [RootedCON 2011] by RootedCON
Gabriel Gonzalez - Man-In-Remote: PKCS11 for fun and non-profit [RootedCON 2011]Gabriel Gonzalez - Man-In-Remote: PKCS11 for fun and non-profit [RootedCON 2011]
Gabriel Gonzalez - Man-In-Remote: PKCS11 for fun and non-profit [RootedCON 2011]
RootedCON6.5K views
Rubén Santamarta - SCADA Trojans: Attacking the Grid [Rooted CON 2011] by RootedCON
Rubén Santamarta - SCADA Trojans: Attacking the Grid [Rooted CON 2011]Rubén Santamarta - SCADA Trojans: Attacking the Grid [Rooted CON 2011]
Rubén Santamarta - SCADA Trojans: Attacking the Grid [Rooted CON 2011]
RootedCON3K views
{RootedPanel] Grupo de Hackers Históricos: Apòstols [RootedCON 2010] by RootedCON
{RootedPanel] Grupo de Hackers Históricos: Apòstols [RootedCON 2010]{RootedPanel] Grupo de Hackers Históricos: Apòstols [RootedCON 2010]
{RootedPanel] Grupo de Hackers Históricos: Apòstols [RootedCON 2010]
RootedCON1.9K views
Antonio Ramos - La asimetría en el mercado de la seguridad [RootedCON 2011] by RootedCON
Antonio Ramos - La asimetría en el mercado de la seguridad [RootedCON 2011]Antonio Ramos - La asimetría en el mercado de la seguridad [RootedCON 2011]
Antonio Ramos - La asimetría en el mercado de la seguridad [RootedCON 2011]
RootedCON1.4K views
Alberto García de Dios - Virus, el arte no debería ser negocio [Rooted CON 2011] by RootedCON
Alberto García de Dios - Virus, el arte no debería ser negocio [Rooted CON 2011]Alberto García de Dios - Virus, el arte no debería ser negocio [Rooted CON 2011]
Alberto García de Dios - Virus, el arte no debería ser negocio [Rooted CON 2011]
RootedCON1.9K views
Blueliv - Information Tracking with Optos [Rooted CON 2011] by RootedCON
Blueliv - Information Tracking with Optos [Rooted CON 2011]Blueliv - Information Tracking with Optos [Rooted CON 2011]
Blueliv - Information Tracking with Optos [Rooted CON 2011]
RootedCON1.6K views
David López Paz - Global Warfare [RootedCON 2011] by RootedCON
David López Paz - Global Warfare [RootedCON 2011]David López Paz - Global Warfare [RootedCON 2011]
David López Paz - Global Warfare [RootedCON 2011]
RootedCON2.7K views
Vins Villaplana - Seguridad en capa de enlace [RootedCON 2011] by RootedCON
Vins Villaplana - Seguridad en capa de enlace [RootedCON 2011]Vins Villaplana - Seguridad en capa de enlace [RootedCON 2011]
Vins Villaplana - Seguridad en capa de enlace [RootedCON 2011]
RootedCON1.6K views
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ... by RootedCON
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...
José Miguel Esparza - Obfuscation and (non-)detection of malicious PDF files ...
RootedCON2.5K views
Jaime Blasco & Pablo Rincón - Lost in translation: WTF is happening inside m... by RootedCON
Jaime Blasco & Pablo Rincón - Lost in translation: WTF is happening inside m...Jaime Blasco & Pablo Rincón - Lost in translation: WTF is happening inside m...
Jaime Blasco & Pablo Rincón - Lost in translation: WTF is happening inside m...
RootedCON3.1K views
Hernan Ochoa - WCE Internals [RootedCON 2011] by RootedCON
Hernan Ochoa - WCE Internals [RootedCON 2011]Hernan Ochoa - WCE Internals [RootedCON 2011]
Hernan Ochoa - WCE Internals [RootedCON 2011]
RootedCON28.4K views
Alejandro Ramos - Know your ******: 4dv4nc3d P@55w0rd$ (r4c|<1ng [RootedCO... by RootedCON
Alejandro Ramos - Know your ******: 4dv4nc3d P@55w0rd$ (r4c|<1ng [RootedCO...Alejandro Ramos - Know your ******: 4dv4nc3d P@55w0rd$ (r4c|<1ng [RootedCO...
Alejandro Ramos - Know your ******: 4dv4nc3d P@55w0rd$ (r4c|<1ng [RootedCO...
RootedCON4.1K views

Similar to Joxean Koret - Database Security Paradise [Rooted CON 2011]

New and improved hacking oracle from web apps sumit sidharth by
New and improved hacking oracle from web apps sumit sidharthNew and improved hacking oracle from web apps sumit sidharth
New and improved hacking oracle from web apps sumit sidharthowaspindia
1.8K views31 slides
NanoSec Conference 2019: Code Execution Analysis in Mobile Apps - Abdullah Jo... by
NanoSec Conference 2019: Code Execution Analysis in Mobile Apps - Abdullah Jo...NanoSec Conference 2019: Code Execution Analysis in Mobile Apps - Abdullah Jo...
NanoSec Conference 2019: Code Execution Analysis in Mobile Apps - Abdullah Jo...Hafez Kamal
155 views36 slides
Pilot Tech Talk #10 — Practical automation by Kamil Cholewiński by
Pilot Tech Talk #10 — Practical automation by Kamil CholewińskiPilot Tech Talk #10 — Practical automation by Kamil Cholewiński
Pilot Tech Talk #10 — Practical automation by Kamil CholewińskiPilot
180 views31 slides
Timings of Init : Android Ramdisks for the Practical Hacker by
Timings of Init : Android Ramdisks for the Practical HackerTimings of Init : Android Ramdisks for the Practical Hacker
Timings of Init : Android Ramdisks for the Practical HackerStacy Devino
10.7K views21 slides
How We Analyzed 1000 Dumps in One Day - Dina Goldshtein, Brightsource - DevOp... by
How We Analyzed 1000 Dumps in One Day - Dina Goldshtein, Brightsource - DevOp...How We Analyzed 1000 Dumps in One Day - Dina Goldshtein, Brightsource - DevOp...
How We Analyzed 1000 Dumps in One Day - Dina Goldshtein, Brightsource - DevOp...DevOpsDays Tel Aviv
580 views18 slides
Infrastructureascode slideshare-160331143725 by
Infrastructureascode slideshare-160331143725Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725miguel dominguez
53 views167 slides

Similar to Joxean Koret - Database Security Paradise [Rooted CON 2011](20)

New and improved hacking oracle from web apps sumit sidharth by owaspindia
New and improved hacking oracle from web apps sumit sidharthNew and improved hacking oracle from web apps sumit sidharth
New and improved hacking oracle from web apps sumit sidharth
owaspindia1.8K views
NanoSec Conference 2019: Code Execution Analysis in Mobile Apps - Abdullah Jo... by Hafez Kamal
NanoSec Conference 2019: Code Execution Analysis in Mobile Apps - Abdullah Jo...NanoSec Conference 2019: Code Execution Analysis in Mobile Apps - Abdullah Jo...
NanoSec Conference 2019: Code Execution Analysis in Mobile Apps - Abdullah Jo...
Hafez Kamal155 views
Pilot Tech Talk #10 — Practical automation by Kamil Cholewiński by Pilot
Pilot Tech Talk #10 — Practical automation by Kamil CholewińskiPilot Tech Talk #10 — Practical automation by Kamil Cholewiński
Pilot Tech Talk #10 — Practical automation by Kamil Cholewiński
Pilot180 views
Timings of Init : Android Ramdisks for the Practical Hacker by Stacy Devino
Timings of Init : Android Ramdisks for the Practical HackerTimings of Init : Android Ramdisks for the Practical Hacker
Timings of Init : Android Ramdisks for the Practical Hacker
Stacy Devino10.7K views
How We Analyzed 1000 Dumps in One Day - Dina Goldshtein, Brightsource - DevOp... by DevOpsDays Tel Aviv
How We Analyzed 1000 Dumps in One Day - Dina Goldshtein, Brightsource - DevOp...How We Analyzed 1000 Dumps in One Day - Dina Goldshtein, Brightsource - DevOp...
How We Analyzed 1000 Dumps in One Day - Dina Goldshtein, Brightsource - DevOp...
DevOpsDays Tel Aviv580 views
Infrastructureascode slideshare-160331143725 by miguel dominguez
Infrastructureascode slideshare-160331143725Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725
miguel dominguez53 views
Infrastructureascode slideshare-160331143725 by MortazaJohari
Infrastructureascode slideshare-160331143725Infrastructureascode slideshare-160331143725
Infrastructureascode slideshare-160331143725
MortazaJohari25 views
Infrastructure as code: running microservices on AWS using Docker, Terraform,... by Yevgeniy Brikman
Infrastructure as code: running microservices on AWS using Docker, Terraform,...Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Infrastructure as code: running microservices on AWS using Docker, Terraform,...
Yevgeniy Brikman177.6K views
Dev Environments: The Next Generation by Travis Thieman
Dev Environments: The Next GenerationDev Environments: The Next Generation
Dev Environments: The Next Generation
Travis Thieman639 views
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori by Docker, Inc.
The Golden Ticket: Docker and High Security Microservices by Aaron GrattafioriThe Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
The Golden Ticket: Docker and High Security Microservices by Aaron Grattafiori
Docker, Inc.22.3K views
Docker Security by BladE0341
Docker SecurityDocker Security
Docker Security
BladE0341659 views
Joanna Rutkowska Subverting Vista Kernel by guestf1a032
Joanna Rutkowska Subverting Vista KernelJoanna Rutkowska Subverting Vista Kernel
Joanna Rutkowska Subverting Vista Kernel
guestf1a0321.2K views
Docker, Linux Containers, and Security: Does It Add Up? by Jérôme Petazzoni
Docker, Linux Containers, and Security: Does It Add Up?Docker, Linux Containers, and Security: Does It Add Up?
Docker, Linux Containers, and Security: Does It Add Up?
Jérôme Petazzoni9.3K views
So. many. vulnerabilities. Why are containers such a mess and what to do abou... by Eric Smalling
So. many. vulnerabilities. Why are containers such a mess and what to do abou...So. many. vulnerabilities. Why are containers such a mess and what to do abou...
So. many. vulnerabilities. Why are containers such a mess and what to do abou...
Eric Smalling224 views
Node Security: The Good, Bad & Ugly by Bishan Singh
Node Security: The Good, Bad & UglyNode Security: The Good, Bad & Ugly
Node Security: The Good, Bad & Ugly
Bishan Singh8.4K views
Chasing the Adder. A tale from the APT world... by Stefano Maccaglia
Chasing the Adder. A tale from the APT world...Chasing the Adder. A tale from the APT world...
Chasing the Adder. A tale from the APT world...
Stefano Maccaglia219 views
.NET Debugging Tips and Techniques by Bala Subra
.NET Debugging Tips and Techniques.NET Debugging Tips and Techniques
.NET Debugging Tips and Techniques
Bala Subra2.1K views
.Net Debugging Techniques by Bala Subra
.Net Debugging Techniques.Net Debugging Techniques
.Net Debugging Techniques
Bala Subra4K views
Sonatype DevSecOps Leadership forum 2020 by Daniel Garcia (a.k.a cr0hn)
Sonatype DevSecOps Leadership forum 2020Sonatype DevSecOps Leadership forum 2020
Sonatype DevSecOps Leadership forum 2020
Daniel Garcia (a.k.a cr0hn)172 views
Iz Pack by Inria
Iz PackIz Pack
Iz Pack
Inria736 views

More from RootedCON

Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro Villaverde by
Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro VillaverdeRooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro Villaverde
Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro VillaverdeRootedCON
288 views41 slides
rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c... by
rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...
rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...RootedCON
1K views55 slides
Rooted2020 hunting malware-using_process_behavior-roberto_amado by
Rooted2020 hunting malware-using_process_behavior-roberto_amadoRooted2020 hunting malware-using_process_behavior-roberto_amado
Rooted2020 hunting malware-using_process_behavior-roberto_amadoRootedCON
369 views29 slides
Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_ by
Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_
Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_RootedCON
408 views22 slides
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op... by
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...RootedCON
352 views86 slides
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r... by
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...RootedCON
304 views15 slides

More from RootedCON(20)

Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro Villaverde by RootedCON
Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro VillaverdeRooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro Villaverde
Rooted2020 A clockwork pentester - Jose Carlos Moral & Alvaro Villaverde
RootedCON288 views
rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c... by RootedCON
rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...
rooted2020 Sandbox fingerprinting -_evadiendo_entornos_de_analisis_-_victor_c...
RootedCON1K views
Rooted2020 hunting malware-using_process_behavior-roberto_amado by RootedCON
Rooted2020 hunting malware-using_process_behavior-roberto_amadoRooted2020 hunting malware-using_process_behavior-roberto_amado
Rooted2020 hunting malware-using_process_behavior-roberto_amado
RootedCON369 views
Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_ by RootedCON
Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_
Rooted2020 compliance as-code_-_guillermo_obispo_-_jose_mariaperez_-_
RootedCON408 views
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op... by RootedCON
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...
Rooted2020 the day i_ruled_the_world_deceiving_software_developers_through_op...
RootedCON352 views
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r... by RootedCON
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...
Rooted2020 si la-empresa_ha_ocultado_el_ciberataque,_como_se_ha_enterado_el_r...
RootedCON304 views
Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca... by RootedCON
Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...
Rooted2020 wordpress-another_terror_story_-_manuel_garcia_-_jacinto_sergio_ca...
RootedCON277 views
Rooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguer by RootedCON
Rooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguerRooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguer
Rooted2020 Atacando comunicaciones-de_voz_cifradas_-_jose_luis_verdeguer
RootedCON510 views
rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav... by RootedCON
rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...
rooted2020-Rootkit necurs no_es_un_bug,_es_una_feature_-_roberto_santos_-_jav...
RootedCON440 views
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemy by RootedCON
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemyRooted2020 stefano maccaglia--_the_enemy_of_my_enemy
Rooted2020 stefano maccaglia--_the_enemy_of_my_enemy
RootedCON256 views
Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom... by RootedCON
Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...
Rooted2020 taller de-reversing_de_binarios_escritos_en_golang_-_mariano_palom...
RootedCON175 views
Rooted2020 virtual pwned-network_-_manel_molina by RootedCON
Rooted2020 virtual pwned-network_-_manel_molinaRooted2020 virtual pwned-network_-_manel_molina
Rooted2020 virtual pwned-network_-_manel_molina
RootedCON156 views
Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an... by RootedCON
Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...
Rooted2020 van a-mear_sangre_como_hacer_que_los_malos_lo_paguen_muy_caro_-_an...
RootedCON174 views
Rooted2020 todo a-siem_-_marta_lopez by RootedCON
Rooted2020 todo a-siem_-_marta_lopezRooted2020 todo a-siem_-_marta_lopez
Rooted2020 todo a-siem_-_marta_lopez
RootedCON178 views
Rooted2020 live coding--_jesus_jara by RootedCON
Rooted2020 live coding--_jesus_jaraRooted2020 live coding--_jesus_jara
Rooted2020 live coding--_jesus_jara
RootedCON130 views
Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un... by RootedCON
Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...
Rooted2020 legalidad de-la_prueba_tecnologica_indiciaria_cuando_tu_papi_es_un...
RootedCON98 views
Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-... by RootedCON
Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...
Rooted2020 hackeando el-mundo_exterior_a_traves_de_bluetooth_low-energy_ble_-...
RootedCON143 views
Rooted2020 evading deep-learning_malware_detectors_-_javier_yuste by RootedCON
Rooted2020 evading deep-learning_malware_detectors_-_javier_yusteRooted2020 evading deep-learning_malware_detectors_-_javier_yuste
Rooted2020 evading deep-learning_malware_detectors_-_javier_yuste
RootedCON147 views
Rooted2020 encontrando 0days-en_2020_-_antonio_morales by RootedCON
Rooted2020 encontrando 0days-en_2020_-_antonio_moralesRooted2020 encontrando 0days-en_2020_-_antonio_morales
Rooted2020 encontrando 0days-en_2020_-_antonio_morales
RootedCON128 views
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin by RootedCON
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acinRooted2020 emotet is-dead_long_live_emotet_-_victor_acin
Rooted2020 emotet is-dead_long_live_emotet_-_victor_acin
RootedCON365 views

Joxean Koret - Database Security Paradise [Rooted CON 2011]