White Papers
The White Papers presented on this page have been written by Pentest Consultants for various forums, user groups and seminars and for the general security community.
Security Scans
Identifying Oracle Database Installations during a Network Scan - This article discusses some tools and techniques for identifying TNS listeners on the network.
Simple Oracle Security Scanner - Pentest consultants submitted an article for the well-known security web site www.securityfocus.com. The paper focused on some of the simple configuration issues that exist in Oracle databases that can cause security holes. The paper also included a simple tool to perform a host-based scan of an Oracle database.
This tool can be found at http://www.pentest.co.uk/sql/scanner.sql
Wireless
Wireless Security Assessment and Penetration Testing Tools - An article giving an overview of some of the security issues with wireless technology and some guidance on suitable tools to help with wireless pen testing.
Wireless Security Considerations - A more balanced view of some recent stories surrounding wireless networks and the vulnerabilities that they create.
Bluetooth dongle modification - A short article on how to modify a standard Bluetooth dongle so that it can connect to an external antenna.
Oracle
Exploiting And Protecting Oracle - This major paper gives an overview of how to hack into Oracle and where the vulnerabilities lie, covering all of the main parts of the RDBMS and associated tools and pointing out potentially exploitable vulnerabilities. Also discussed briefly are SQL techniques for finding out what is in the database, where it is, how it's structured, how the database is protected, what to read, what permissions you have when you get an account, and how to see and interpret the audit trail.
Extracting Clear Text Passwords from the SGA - This paper is a posting made to www.securityfocus.com to show how an incorrect setting of the Oracle parameter utl_file_dir can be exploited to read clear text passwords from the Oracle SGA.
Oracle Default User and Password List - This paper contains a table of default Oracle users, passwords and hashes. This table will be updated with any new default users and passwords as they become available. Pentest invites anyone to contribute any new default users that are not included at present. Please email Pentest:oracle with any new data.
Issues with the initialisation parameter fixed date - This short paper describes the issues that can arise if an Oracle application uses the system date SYSDATE for critical functionality and if it's possible for an attacker to alter the initialisation parameter fixed_date.
Have your objects been tampered with? - Have you ever wanted to check if users are tampering with your Oracle PL/SQL source code stored within the database itself or even added or changed database objects? You can buy third party products to do this for the operating system files but how would you do it for your database objects?
This article discusses a few ideas on how to make Oracle passwords that bit more secure.
Presentations
Cyber Adversary Characterisation - This is a presentation given by Tom Parker at Blackhat 2003 (Las Vegas) on Cyber Adversary Characterisation.
Wireless Threats To Corporate Security - This is a presentation given by Matt Moore and Mark Rowe during 2003 at Salford University for ISACA UK Northern Chapter on Wireless Threats To Corporate Security.
Bluetooth vulnerabilities, Fact and Fiction - This is a presentation given by Mark Rowe and Tim Hurman at the 2004 Wireless Connectivity (WiCon) World in Amsterdam on the fact and fiction behind publicised Bluetooth vulnerabilities.
Bluetooth security, Issues, Threats and Consequences - This is a presentation given by Mark Rowe and Tim Hurman at the 2004 Wireless Broadband Forum in Cambridge on the general security of Bluetooth devices.
ARMed combat: The fight for personal security - This is a presentation given by Tim Hurman at the 2006 EuSecWest conference in London. This covers details of creating exploits for ARM/WinCE and the issues surrounding patches and firmware upgrades.
Embedded/ARM
Exploring Windows CE Shellcode - An article showing the potential for vulnerabilities to affect handheld devices. The article adapts existing techniques to Windows CE on the ARM architecture. Demonstration code with a benign payload is provided.
Penetration Testing as a service has grown into a business in its own right, providing numerous corporations with a valuable weapon in their growing arsenal of security countermeasures. Pentest Limited was set up in June 2001 to provide specialist security services to businesses across the UK, North America and Europe.
Pentest Limited offers a complete Database Security Assessment Service (DSAS) to businesses that rely on the security of the information held within their databases or have concerns relating to the security compliance of these databases.



