Presentation Title: Hacking Hardened and Secured Oracle Servers
Presentation Details:

Most papers and documents concerning hacking Oracle databases are designed to break into unhardened, unpatched Oracle databases. That’s easy… This presentation will show different possibilities to break into a already hardened and patched Oracle databases using the latest Oracle security features like Database Vault, Transparent Data Encryption, Virtual Private Database…. We will talk about:

* Privilege escalation / Data theft using the following privileges
— select any table
— execute any procedure
— create view
— create procedure

* Disable SQL Tracing
* Disable DDL-Trigger
* Bypass Logon-Trigger
* Remove Traces from various places (log-files, audit-tables, …)
* IDS Evasion
* Get Oracle Passwords (not only from Hashes)

About Alexander

Alexander Kornbrust is the founder and CEO of Red-Database-Security GmbH, a company specialized in Oracle security. Red-Database-Security is one of the leading companies in Oracle security. He is responsible for Oracle security audits and Oracle Anti-hacker trainings and gave various presentations on security conferences like Black Hat, Defcon, Bluehat, IT Underground and Syscan. Alexander has worked with Oracle products as an Oracle DBA and Oracle developer since 1992. During the last six years, Alexander reported over 320 security bugs in different Oracle products.