Confidence - (19-20.11 2009 Warszawa)
Język: polski | english


Guido Landi

Temat: Expanding the control over the operating system from the database

Język: angielski

Bio:
Guido Landi is an IT security engineering working for an Italian security service provider. Guido has almost 10 years of experience in IT security working on tasks from system administration to penetration testing. As an independent researcher he works on vulnerability exploitation, reverse engineering and discovered several vulnerabilities in popular products from various vendors from Mozilla to Cisco.
Homepage: http://www.pornosecurity.org and http://www.milw0rm.com/author/1413.

Abstrakt:
Using a database (MySQL, PostgreSQL and Microsoft SQL Server), either via a SQL injection or via direct connection, as a stepping stone to control the underlying operating system can be achieved. There is much to say on operating system control by owning a database server: Windows registry access, anti-forensics technique to establish an out-of-band stealth connection, buffer overflow exploitation with memory protections bypass and custom user-defined function injection. These topics and more will be highlighted during the presentation.