Database Breach Investigations: Oracle Edition

David Litchfield

Register Now for Black Hat DC 2011

DC 2011 Training Session // january 16 - 17


  • Learn how hackers break into Oracle
  • Learn how to find evidence of their intrusions
  • Learn about the Oracle forensics process
  • Learn how to use the world's first database specific breach investigation tool
  • Become a VCBI, V3RITY Certified Breach Investigator: Oracle

This training course will teach students the tricks and techniques hackers use to break into Oracle database servers and then how to peform a database security breach investigation covering evidence collection, collation and analysis using V3RITY for Oracle, the world's first database specific forensics and breach investigation tool. In addition, students will become a V3RITY Certified Breach Investigator - VCBI.

v3rity was founded by David Litchfield in March 2010 to solve one of the biggest problems in IT today: when a company suffers a database breach how can the investigation be expedited. Right now, there are no tools designed specifically to forensically examine a compromised database server. v3rity will do this.

What to Bring:

Students will need a Windows laptop with at least 10 gigabytes of spare disk space.


David Litchfield is recognized as one of the world's leading authorities on database security. He is the author of Oracle Forensics, the Oracle Hacker's Handbook, the Database Hacker's Handbook and SQL Server Security and is the co-author of theShellcoder's Handbook. He is a regular speaker at a number of computer security conferences and has delivered lectures to the National Security Agency, the UK's Security Service, GCHQ and the Bundesamt für Sicherheit in der Informationstechnik in Germany.

In 2010, David was listed by CRN as a "Security Superstar" and in 2003 he was voted as the "Best Bug Hunter" by Information Security Magazine. In the same year he discovered and developed two methods to bypass the exploit prevention mechanisms built into Microsoft's Windows 2003 Server and consequently worked with Microsoft to improve them. He has found and helped to fix 24 security flaws in SQL Server, including the vulnerability that was exploited by Slammer, 17 in IBM's DB2, 22 in Informix and over 100 in Oracle. In February 2008 David discovered a new class of vulnerability in Oracle that can lead to "Lateral SQL Injection" and, in the November of 2006, another new class of vulnerability in the same RDBMS that can lead to "cursor snarfing"attacks. Both are general programming flaws, that can lead to data compromise. David pioneered major advancements in Oracle forensics and has authored 7 technical papers since March 2007 on the topic.

David recently founded v3rity, a new venture. v3rity develops breach investigation software to examine compromised database servers. Until February 2010, David was Chief Research Scientist at NGSSoftware, a UK computer security services and software company he founded in 2001. NGSSoftware was acquired by NCC Group in November 2008. In 2007 NGSSoftware was awarded the Queen's Award for Enterprise, and was listed as one of the UK's fasted growing tech companies by both Deloitte and the Sunday Times. NGSSoftware was winner in the Best Security Company category in the 2008 European SC Magazine Awards and runner up in 2007. Previously David was Director of Research at @stake after his first company, Cerberus Information Security, was acquired in July 2000.

Super Early:
Ends Oct 15

Ends Nov 15

Ends Dec 15

Ends Jan 15