|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Cesar (sqlsec
yahoo.com)
Date: Fri Mar 09 2007 - 19:09:47 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi.
Abstract:
This paper will show a extremely simple technique to quickly audit a software product in order
to infer how trustable and secure it is. I will show you step by step how to identify half dozen
of local 0day vulnerabilities in few minutes just making a couple of clicks on very easy to use
free tools, then for the technical guys enjoyment the vulnerabilities will be easily pointed out
on disassembled code and detailed, finally a 0day exploit for one of the vulnerabilities will be
demonstrated.
While this technique can be applied to any software in this case I will take a look at the latest
version of Oracle Database Server: 10gR2 for Windows, which is a extremely secure product
so it will be a very difficult challenge to find vulnerabilities since Oracle is using advanced next
generation tools to identify and fix vulnerabilities
http://www.argeniss.com/research/10MinSecAudit.zip
(PoC exploit included)
Thanks.
Cesar.
____________________________________________________________________________________
No need to miss a message. Get email on-the-go
with Yahoo! Mail for Mobile. Get started.
http://mobile.yahoo.com/mail
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]