Pete Finnigan's Oracle Security Forum (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
Oracle Security >> Oracle Security >> How about a Hack Attack platform?
(Message started by: Pete Finnigan on Nov 5th, 2013, 11:13am)

Title: How about a Hack Attack platform?
Post by Pete Finnigan on Nov 5th, 2013, 11:13am
Hi everyone ..one ..one (hears echo  ;) )

I'm currently giving an in-house Oracle database hacking training for my collegues at work. It's a lot of fun and it raises a lot of security awareness. It raises new questions too. I've had a lot of positive feedback for this training.

So I've been thinking. At the UKOUG 2011 I've attended a RAC Attack session (http://en.wikibooks.org/wiki/RAC_Attack_-_Oracle_Cluster_Database_at_Home). RAC Attack is a free curriculum and platform for learning how to build a RAC cluster database.

So how about a Oracle Hack Attack? That would be a platform on which you can learn how to attack Oracle and then learn how to protect Oracle.

For example you could learn how to do port scans, network sniffing, password cracking and use exploits. This would be followed by an exercise in hardening the database, after which you try if the hack again to see the hardening had its effect.

Title: Re: How about a Hack Attack platform?
Post by Pete Finnigan on Nov 11th, 2013, 1:08pm
Hi Marcel-Jan,

Its a good idea but would need to be done right. The best approach would be to build a virtual box vm with perhaps XE on it and use that as the "host" to the study.

I would be happy to host it here on my site as a free download and also partner in terms of structuring whats in it, lessons, tools, how to secure etc / creating it.

It could be simply a curriculum I guess with detailed installation instructions on build, setup, exploits etc.

let me know your thoughts

Cheers

Pete



Powered by YaBB 1 Gold - SP 1.4!
Forum software copyright © 2000-2004 Yet another Bulletin Board