Three Tier Oracle Security in London ~ Paul M. Wright

Archive for March, 2014

INDEX to SYSDBA without SELECT

Hello Oracle Security Readers, If we combine the following factors together then we can identify an escalation route from Index on SYSTEM to SYSDBA which does not require SELECT privileges on the indexed table: 1. SYSTEM passes it’s DBA role through it’s procedures. 2. Oracle indexes allow execution from read via functions i.e. INDEX can [...]

March 27th, 2014 | Category: Uncategorized | Leave a comment

CREATE_DIRECTORY package is here

paulmwright @ oraclesecurity.com

First book on Database Forensics

Second book

ACM Review of my book
IOUG Journal publication of my Oracle Security Monitoring Paper

UKOUG DAMS Journal Article

IOUG Journal publication of my Oracle password paper

NGS Oracle password paper

July 2011 CPU
July 2010 CPU
April 2008 CPU
July 2007 CPU
April 2007 CPU

First paper on database forensics
First GIAC Qualified Oracle Security Analyst with Honors Paper
Oracle Forensics In A Nutshell
Oracle Password Paper in Japanese
SYSDBA Backdoor Paper
CREATE ANY DIRECTORY TO SYSDBA
CREATE USER TO SYSDBA

SANS Forensics
Slavik's Blog

David Litchfield's site
David's book on the way

SQL Server Forensics Paper
SQL Server Forensics Book

Find us on Google+