Tag Archives: security awareness

The Department of Hacking Other Departments

We operations people often are rather charmed by Netflix’ idea of Chaos Monkey. This is a tool that identifies a group of systems and randomly terminates one system in that group. If you’ve never heard of Chaos Monkey, you might … Continue reading

Posted in Hacking for better security awareness, Security | Tagged , , , , | Leave a comment

Selling security by hacking influence (Part 2)

I’m still not quite done with the topic of how to convince organizations to work on improving security, a topic that I started after visiting the Security Roundtable at the UKOUG Tech 2014. This is part 2 of the blogpost … Continue reading

Posted in Oracle security | Tagged , , , , , | 1 Comment

How can we sell security? (Part 2)

At the Security Roundtable at the UKOUG Tech 2014, an important topic was how we can convince organizations to work on improving security. I originally envisioned this as a keynote like presentation. But seeing that UKOUG Tech 2015 was still a … Continue reading

Posted in Oracle security | Tagged , , , , , , , , , | Leave a comment

The incredible speed of dictionary attacks in password cracking

As I wrote last week, I did an Oracle database hacking training. One of the exercises was to get password hashes from sys.user$ (in 10g and before: dba_users) and brute force crack the password with woraauthbf 0.22. In the database … Continue reading

Posted in Oracle security | Tagged , , , , , | 1 Comment

Having a ball with the hacking training

Today I did my third out of four database hacking sessions at work and I have to say it again was a lot of fun. It sure did raise security awareness. My training of four hours consists of the following … Continue reading

Posted in Oracle security | Tagged , , , , , , | 1 Comment

The best way to gain security awareness, is to learn to hack

One of our managers at my former employer was not amused. You might say he was appalled. I wrote on our company blog a post (in Dutch) about how to use the Java exploit in the Oracle database, recently shown … Continue reading

Posted in Oracle security | Tagged , , , | 1 Comment