
Auditing Oracle with Cesar Cerrudo


Marsmenschen
November 30th, 2007, 18:16
Cesar Cerrudo of Argeniss ("http://www.argeniss.com") published a paper titled “Practical 10 minutes security audit: Oracle Case” ("http://www.argeniss.com/research/10MinSecAudit.zip"). You just gotta love his writing style; be sure you can deal with a good deal of sarcasm. The paper is a relatively short but insightful and technically interesting writeup.

From his description: This paper will show an extremely simple technique to quickly audit a software product in order to infer how trustable and secure it is. I will show you step by step how to identify half a dozen local 0day vulnerabilities in a few minutes just making a couple of clicks on very easy to use free tools, then for the technical guys' enjoyment the vulnerabilities will be easily pointed out on disassembled code and detailed, finally a 0day exploit for one of the vulnerabilities will be demonstrated.

If you are interested in software security and have 10 minutes of time left, it’s definitely worth it.

Tools involved:


* Process Explorer ("http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx")
* WinObj ("http://www.microsoft.com/TechNet/Sysinternals/Utilities/WinObj.mspx")
* PipeACL Tools ("http://www.bindview.com/Services/RAZOR/Utilities/Windows/pipeacltools1_0.cfm")



http://www.marsmenschen.com/2007/03/11/auditing-oracle-with-cesar-cerrudo/