Tag Archives: security

The Department of Hacking Other Departments

We operations people often are rather charmed by Netflix’ idea of Chaos Monkey. This is a tool that identifies a group of systems and randomly terminates one system in that group. If you’ve never heard of Chaos Monkey, you might … Continue reading

Posted in Hacking for better security awareness, Security | Tagged , , , , | Leave a comment

My new role as “product responsible”

For nearly 6 months now I do something different than just technical work. I am currently – what they call at Rabobank – “Product Verantwoordelijke”. In English it sounds a bit weird: “product responsible”, or “responsible for the product”. And … Continue reading

Posted in I'm not a manager | Tagged , , , , , , , , | Leave a comment

Five steps to have your own Metasploit and Oracle demo environment

Bingo! I’ve done it! I’ve got Metaspoit working against an Oracle database. And in this blogpost I’ll explain how you can do it too.   Step 0. Your soon to be powned Oracle database Let’s assume you already have a … Continue reading

Posted in Hacking for better security awareness, Oracle security | Tagged , , , , , , | Leave a comment

No. If I can’t hack you, you are not secure.

Ever come up against this issue? You see that something in the IT infrastructure is set up in a less than sanitary way: for example the application has dynamic SQL, or the security of the database relies on the application. One … Continue reading

Posted in Oracle security | Tagged , , , | Leave a comment

Selling security by hacking influence (Part 1)

At the Security Roundtable at the UKOUG Tech 2014, an important topic was how we can convince organizations to work on improving security. This is a continuation of the blogpost series “How can we sell security”. Only this third part grew so … Continue reading

Posted in Oracle security | Tagged , , , , , , | Leave a comment

Running Nmap against an Oracle listener

When preparing for the Planboard symposium in Utrecht last Tuesday, I decided to use tools like Nmap and Metasploit to show how these tools can be used against an Oracle database server. I have worked with Nmap before, but I’m … Continue reading

Posted in Oracle security | Tagged , , , , | 1 Comment

Detecting breaches in an Oracle database – with a honeypot

SQL Injection is one of the most popular, if not the most popular, hacking method. It’s in most cases an application-related problem. So what’s a DBA to do? In an ideal world DBAs can assign minimal privileges to the users … Continue reading

Posted in Oracle security | Tagged , , , , | Leave a comment