Dumping SGA to read encrypted blocks

After my last article AMM vs security, Martin Berger wrote to me: well, even without AMM you can do it: write your own process which attaches to the same shm segments – and use its memory mapping (?) My response was that it is also possible with ASMM but AMM makes it extremely easy. And […]


AMM vs security

Most of us already know that AMM sucks. But usually, we think about disadvantages of AMM in terms of performance. Let’s see why it sucks in the terms of security 😉 Let’s create an encrypted tablespace for HR.EMPLOYEES and protect HR schema with Database Vault. Now we will use dbca to configure a database for […]


Project RICO2 and the history of APEX upgrade that went terribly wrong.

In my last blog post I explained a XOR alghorithm that is used to count Oracle database block checksum. I also wrote, that sometimes you are facing problems, that are unresolvable without a low-level knowledge. This is the story of this kind of situation. The story of misread documentation. The story of haste and hex. […]


Oracle database block checksum XOR algorithm explained

Recently I’ve started to write my own clone of BBED to have something handy and useful in extreme cases when you have to go deep and fix stuff on low level (I have only like 2 such cases a year but each time it is really fun and a nice money 😉 ) When I’ll […]


ODBVv2 – ghostdata busters

Some time ago I wrote a simple tool to learn about Oracle data block internals – ODBV. The series of articles can be found here: and the github repo is here: This is not a production tool but during the last session in Birmingham at UKOUG_TECH17 – where I was doing a presentation […]

12c & external tables

How to list files from directory using external table in 12c

I’ve wrote about privilege escalation with external tables in this post: This time we will try to list all files within directory object, to which we have no EXECUTE privs. This is possible due to great new feature of database 12c that allows to use metacharacters to match multiple files in external table. I […]


Secure your database (part 1)

I’ve already showed you, how to escalate privileges in Oracle Databases. The question is – how to secure your database, if you don’t have EE or possibility to buy Oracle Database Vault or Oracle Advanced Security. Well – there’s always a DBA creativity 😉 For example – if you want to secure the […]

[PL] Browar z Wyrocznią

Jak smakuje Browar z Wyrocznią

I było tak, że 31 dnia miesiąca sierpnia roku 2015, spotkali się entuzjaści Wyroczni w posiadłości AVIVA. I było tak, że dzierżąc kufle – po brzegi browarem wypełnione – zasiadło wielu aby posłuchać kilku, którzy chcieli się przemyśleniami swoimi podzielić. I stało się tak, że admin przepijał do dewelopera a deweloper do admina i pospołu dyskusja toczyła się wartka a […]



I’ve started the project called RICO – the tool, written in C++ for last resort data recovery. It can be used to extract data from corrupted datafiles and dump them in the form of text files. It is in the early development stage right now and the functionalities are narrowed to: Dump regular and partitioned […]

1 2


Database Whisperers sp. z o. o. sp. k.
Al. Jerozolimskie 200
Wejście B, III piętro/ pokój 342
02-486 Warszawa
NIP: 5272744987
+48 508 943 051
+48 661 966 009

Newsletter zapisz się żeby być na bieżąco