You may already read my articles about virtualization/cloud security: In the above articles I was impersonating an evil cloud administrator and showing you how this kind of person can access and modify even encrypted data. We will continue this fun, but this time you may also use this trick when you forget root password in […]
Remember my post, regarding dumping the SGA to read encrypted blocks? What if I tell you, that you can do the same, while being a KVM host administrator with no credentials to a VM itself? Let’s prepare our secure database in a way I did in article AMM vs security. After enabling Oracle Wallet and […]
So apparently this cloud-thing is here for good. You may even say that it became endemic 😉 With cloud there is one potential problem – the bigger and heavier it is, the more possible is the leak. Cloud after all is just a virtualization in a big scale and if you go to public cloud […]
It has been crazy few months – organizing POUG2018 took a lot of energy but it was satisfying as hell! 😀 This weekend I had some time to prepare a new version of ODBV for Trivadis Performance Days 2018 where I’ll be talking about the internals of database block storage. The series of articles about […]
After my last article AMM vs security, Martin Berger wrote to me: well, even without AMM you can do it: write your own process which attaches to the same shm segments – and use its memory mapping (?) My response was that it is also possible with ASMM but AMM makes it extremely easy. And […]
Most of us already know that AMM sucks. But usually, we think about disadvantages of AMM in terms of performance. Let’s see why it sucks in the terms of security 😉 Let’s create an encrypted tablespace for HR.EMPLOYEES and protect HR schema with Database Vault. Contents of sqlnet.ora Now we will use dbca to configure […]
In my last blog post I explained a XOR alghorithm that is used to count Oracle database block checksum. I also wrote, that sometimes you are facing problems, that are unresolvable without a low-level knowledge. This is the story of this kind of situation. The story of misread documentation. The story of haste and hex. […]
Recently I’ve started to write my own clone of BBED to have something handy and useful in extreme cases when you have to go deep and fix stuff on low level (I have only like 2 such cases a year but each time it is really fun and a nice money 😉 ) When I’ll […]
Some time ago I wrote a simple tool to learn about Oracle data block internals – ODBV. The series of articles can be found here: https://blog.ora-600.pl/?s=odbv&submit= and the github repo is here: https://github.com/ora600pl/odbv This is not a production tool but during the last session in Birmingham at UKOUG_TECH17 – where I was doing a presentation […]
I’ve wrote about privilege escalation with external tables in this post: https://blog.ora-600.pl/2014/12/23/simple-technics-of-privilege-escalation-part2-dbasysdba/ This time we will try to list all files within directory object, to which we have no EXECUTE privs. This is possible due to great new feature of database 12c that allows to use metacharacters to match multiple files in external table. I […]
I’ve already showed you, how to escalate privileges in Oracle Databases. https://blog.ora-600.pl/2013/04/02/privilege-escalation-in-oracle-11gr2-part1/ https://blog.ora-600.pl/2014/12/23/simple-technics-of-privilege-escalation-part2-dbasysdba/ The question is – how to secure your database, if you don’t have EE or possibility to buy Oracle Database Vault or Oracle Advanced Security. Well – there’s always a DBA creativity 😉 For example – if you want to secure the […]
I było tak, że 31 dnia miesiąca sierpnia roku 2015, spotkali się entuzjaści Wyroczni w posiadłości AVIVA. I było tak, że dzierżąc kufle – po brzegi browarem wypełnione – zasiadło wielu aby posłuchać kilku, którzy chcieli się przemyśleniami swoimi podzielić. I stało się tak, że admin przepijał do dewelopera a deweloper do admina i pospołu dyskusja toczyła się wartka a […]
I’ve started the project called RICO – the tool, written in C++ for last resort data recovery. It can be used to extract data from corrupted datafiles and dump them in the form of text files. It is in the early development stage right now and the functionalities are narrowed to: Dump regular and partitioned […]
Recently there was a new vulnerability introduced in glibc library: http://www.openwall.com/lists/oss-security/2015/01/27/9 Oracle is using the gethostbyname function in "*skgxp*" libraries: So this can be an issue – a specially in RAC environments. RedHat recommends to upgrade the glibc libraries: https://access.redhat.com/articles/1332213 And I do agree 😉
A lot companies consolidates databases into one appliance – like for example Oracle Exadata. So you can have a lot of different databases in one physical cluster. And what if I tell you that you can execute any OS command as an oracle user, having just access to a database user with appropriate privileges? What […]