Argeniss have released a simple Oracle root kit
April 3rd, 2007 by Pete
Argeniss have, as part of the download from Cesar Cerrudo's recent Blackhat presentation, released a simple Oracle rootkit. The code can be downloaded from here. This rootkit, as I said, is quite simple and includes an installer, a backdoor, some Java code to read and write the file system, and a mechanism to run export from within the database and transfer the data out of the database over a network port. The code also includes a clean-up script. It's a long way from a complete kit that would hide a malicious user properly and clean up after anything, but it's a start.



April 3rd, 2007 at 10:41 pm
Peter K says:
And here I am still digesting his "10 minutes Security Audit" paper... He's been busy.