Black Hat Digital Self Defense USA 2006


Black Hat USA Training 2006
Caesars Palace Las Vegas • July 29-30 and July 31-August 1

Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.

Black Hat Registration

Breakable: Secure Your Oracle Servers By Breaking Into Them

David Litchfield, NGS Software & Mark Litchfield, NGS Software

What to bring:
Basic networking knowledge is required and a familiarization with database concepts would be beneficial. Experience or knowledge of specific database solutions is desirable, though not essential in order to complete the course satisfactorily.

Participants are requested to bring their own laptops with and Oracle client installed.

A new course designed and taught by world renown security vulnerability researcher David Litchfield.

Never has the need for understanding Oracle database security been so great as it is today as the boundaries between networks become less defined and web applications provide direct inroads through any firewalls and into the backend. This course will teach you how to hack into Oracle database servers; only by truly grasping the mechanics of attacks can a complete and effective defense be built. We will cover all aspects of breaking into Oracle database and application servers covering such topics as

  • PLSQL Injection
  • Abusing Triggers
  • Defeating Virtual Private Databases
  • Defeating Oracle Label Security
  • Indirect Privilege Escalation
  • Buffer Overflows
  • Local Attacks
  • Hacking the Authentication Process
  • Hacking the TNS Listener
  • Hacking the XML Database
  • Hacking Oracle Application Server
  • Hacking an EAL4 Certified Database
  • and Much, Much More

A prior knowledge of Oracle would be useful but not necessary.

Who should take this course:
Anyone interested in Oracle Database Security


David Litchfield
Founder and Chief Scientist, NGS Software

David Litchfield is the founder and Chief Research Scientist of NGSSoftware Ltd, a U.K. based security solutions provider. He is the co-author of "The Database Hacker's Handbook", "The Shellcoder's Handbook", "SQL Server Security" and "Special Ops". He has lectured both the National Security Agency in the U.S. and G.C.H.Q. in the U.K. on emerging threats and information assurance.

He is a regular speaker at the Black Hat Security Briefings and has also presented at Microsoft Bluehat and Microsoft TechEd. Previously he was the Director of Security Architecture of @stake, since accquired by Symantec and the founder and Managing Director of Cerberus Information Security Ltd, which was accquired by @stake in July 2000. At NGSSoftware, as well as conducting research into new computer vulnerability, David has designed and help develop NGSSQuirreL, a powerful tool for advanced database
vulnerability and risk assessment.

Mark Litchfield
Director, NGS Research

Mark Litchfield was jointly voted the 'Best Bug Hunter' for computer security vulnerability discovery (with his brother David) and is one of the six founding members of NGSSoftware.

With his vast experience of network and application penetration testing, Mark has discovered and published over 200 major security vulnerabilities in many different products, including most notably Apache, Microsoft Internet Information Server, Oracle database server and Microsoft SQL Server. In every case where Mark has found vulnerabilities, he has worked closely with the affected vendors in order to develop solutions that will protect their customers. Mark is also currently involved with the business development side of NGS.

Black Hat Registration

Course Length: Two days. All course materials, lunch and two coffee breaks will be provided. A Certificate of Completion will be offered. You must provide your own laptop.


Early Bird:
Ends June 30, 2006

Ends July 27, 2006

Begins July 28, 2006

$2000 USD

$2200 USD

$2300 USD

Black Hat Logo
(c) 1996-2007 Black Hat