Category Archives: Oracle security

NMap 7 is out

Yesterday I read that there is a totally new release of nmap, the network mapping tool. I’ve blogged about Nmap before. Version 7 has attacks against Heartbleed, it has mature IPv6 support, faster scans on Windows and BSD systems. And … Continue reading

Posted in Oracle security | Tagged , , , , , | 1 Comment

Exploiting an Oracle database with Metasploit (Part 2)

Continuing from Exploiting an Oracle database with Metasploit (Part 1). Here’s the next set of Metasploit exploits and scanners I’ve tried and tested. auxiliary/scanner/oracle/tnspoison_checker This one just checks if your database is vulnerable to TNS poisoning: msf auxiliary(tnspoison_checker) > info … Continue reading

Posted in Hacking for better security awareness, Oracle security | Tagged , , , | Leave a comment

Exploiting an Oracle database with Metasploit (Part 1)

Now that I have a Metasploit and Oracle demo environment, it is time to see what I can use to exploit an Oracle 11g Release 2 database. I have to tell you, most of the exploits are actually rather old. … Continue reading

Posted in Hacking for better security awareness, Oracle security | Tagged , , , , | 1 Comment

Five steps to have your own Metasploit and Oracle demo environment

Bingo! I’ve done it! I’ve got Metaspoit working against an Oracle database. And in this blogpost I’ll explain how you can do it too.   Step 0. Your soon to be powned Oracle database Let’s assume you already have a … Continue reading

Posted in Hacking for better security awareness, Oracle security | Tagged , , , , , , | Leave a comment

Installing and Learning Metasploit

I’ve blogged about Metasploit before. Metasploit is a framework for exploits and comes with tools like port scanners, password crackers and more. These days you can learn a lot of skills on Youtube, and tutorials about Metasploit are among them. … Continue reading

Posted in Hacking for better security awareness, Oracle security | Tagged , , , , , , , | Leave a comment

How to change your organization for better security (Part 2)

This is a three-part blogpost about how to change your organization for better security, even when you are not in power. Last blogpost we saw how to get our rational, analytical mind in action. This time we look how our … Continue reading

Posted in Change when you're not in power, Oracle security | Tagged , , , , , , , , , , , | Leave a comment

How to change your organization for better security (Part 1)

So at your organization security has a low priority. It basically gets done after all the other stuff is done, and then some. Management says security is important, but they don’t walk the walk. Are they doing this on purpose? … Continue reading

Posted in Change when you're not in power, Oracle security | Tagged , , , , , , , , , | Leave a comment