We might have missed some of other notable presentations yesterday when we posted the links to the Black Hat DC 2010 media. Well, the videos of some of the sessions are now up at the site as well and we have a few more picks below.
- Hacking Oracle 11g
David Litchfield talked about his method of escalating Java privileges to exploit Oracle 11g databases. Some sample code from his session is shown below. VIDEO | AUDIO
CURSOR C1 IS SELECT ‘GRANT’,USER(), ‘SYS’,’java.io.FilePermission’,’<<ALL FILES>>‘,’execute’,’ENABLED’ from dual;
FETCH C1 BULK COLLECT INTO POL;
After the Java privilege escalation it is possible to run OS commands using a simple SELECT statement:select dbms_java.runjava(’oracle/aurora/util/Wrapper c:\\windows\\system32\\cmd.exe /c dir>c:\\out.lst’)from dual;
- Exploiting Lawful Intercept to Wiretap the Internet
Wiretapping and access to communications are key law enforcement tools in catching criminals. If the tools used to intercept these communications are compromised, it can provide unlawful surveillance to malicious hackers. This talk centers on flaws found on such systems and methods to secure these vulnerabilities. PDF | PPT | VIDEO | AUDIO
And here are a couple to look out for as well. You might notice that they already have media links up. Those aren’t live yet but we’ll keep you updated when they are.
- Internet Explorer turns your personal computer into a public file server
There are several attack vectors that can be used on Internet Explorer users to enable remote viewing and even modification of their files. In this presentation, Jorge Medina shows some proof of concept attacks to demonstrate how to turn someone’s computer to a public file server. PDF | PPT | VIDEO | AUDIO
- Hacking the Smartcard Chip
Smartcards are used in a variety of ways, from enabling cellphones and storing money to logging into computers and confirming identification. Even so, it’s not foolproof and this session will walk through how to compromise a smartcard and what tools to use for this. PPT | VIDEO | AUDIO