Call: +44 (0)7759 277220 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Bunker has released a 0-day Oracle exploit"] [Next entry: "3 new papers on Oracle forensics"]

Argeniss have released a simple Oracle root kit



Argeniss have, as part of the download from Cesar Cerrudo's recent Blackhat presentation released a simple Oracle rootkit. https://www.blackhat.com/presentations/bh-eu-07/Cerrudo/Cerrudo-Additional-Materials.zip - (broken link) The code can be downloaded from here. This rootkit as i said is quite simple and includes an installer, a backdoor, some Java code to read and write the file system and a mechanism to run export from within the database and to transfer the data out of the database over a network port. The code also includes a clean up script. Its a long way from a complete kit that would hide a malicious user properly and would clean up after anything but its a start.

There has been 1 Comment posted on this article


April 3rd, 2007 at 10:41 pm

Pete Finnigan says:

And here I am still digesting his "10 minutes Security Audit" paper...He's been busy.