Three Tier Oracle Security in London ~ Paul M. Wright

Archive for October, 2008

CREATE ANY DIRECTORY to SYSDBA

An Oracle DB user which has been granted CREATE ANY DIRECTORY can use that system privilege to grant themselves the SYSDBA system privilege by creating a DIRECTORY pointing to the password file location on the OS and then overwriting it with a previously prepared known binary password file using UTL_FILE.PUT_RAW from within the DB. This [...]

October 10th, 2008 | Category: Uncategorized | Leave a comment

CREATE_DIRECTORY package is here

paulmwright @ oraclesecurity.com

First book on Database Forensics

Second book

ACM Review of my book
IOUG Journal publication of my Oracle Security Monitoring Paper

UKOUG DAMS Journal Article

IOUG Journal publication of my Oracle password paper

NGS Oracle password paper

July 2011 CPU
July 2010 CPU
April 2008 CPU
July 2007 CPU
April 2007 CPU

First paper on database forensics
First GIAC Qualified Oracle Security Analyst with Honors Paper
Oracle Forensics In A Nutshell
Oracle Password Paper in Japanese
SYSDBA Backdoor Paper
CREATE ANY DIRECTORY TO SYSDBA
CREATE USER TO SYSDBA

SANS Forensics
Slavik's Blog

David Litchfield's site
David's book on the way

SQL Server Forensics Paper
SQL Server Forensics Book

Find us on Google+