Bernardo Damele

Topic: Expanding the control over the operating system from the database
Language: English
Bio:
Bernardo Damele Assumpcao Guimaraes is an IT security engineer
currently based in London and working as a penetration tester and
security researcher for Portcullis Computer Security Ltd. In recent
years he has been researching web application security, database
management systems security and post-exploitation techniques. He is
the sqlmap (http://sqlmap.sourceforge.net) lead developer, MySQL UDF
repository developer, a Metasploit contributor and a speaker at
international and local IT security conferences.
Homepage: http://bernardodamele.blogspot.com.
Abstract:
A database (MySQL, PostgreSQL and Microsoft SQL Server), reached either via a SQL injection or via a direct connection, can be used as a stepping stone to control the underlying operating system. There is much to say on operating system control by owning a database server: Windows registry access, an anti-forensics technique to establish an out-of-band stealth connection, buffer overflow exploitation with memory protections bypass and custom user-defined function injection. These topics and more will be highlighted during the presentation.