Presented at
DerbyCon 3.0 All in the Family (2013),
Sept. 28, 2013, 10 a.m.
(50 minutes).
The Android phone makers do everything to customize their devices just make sure they are different. Samsung changed something important under the hood. Samsung thinks differently about the android device encryption. In the presentation we show what Samsung changed in their flagship phones compared to vanilla android firmware. We show how you can get the clear text encryption key through adb and not just that. We cannot make a presentation without Oracle hacking, so we show how they tried to think differently and it is also crypto related.
Of course everything will be demonstrated and the tools will be released.
Presenters:
-
László Tóth
László has more than 10 years experience in information security (penetration testing, security audit, incident response). As a researcher his focus is Oracle Database security. He published several research papers and tools in this subject. László is the developer of the woraauthbf tool, which was one of the fastest Oracle password crackers at the time of its release. He also released several unique research papers about vulnerabilities of the Oracle authentication protocols and post-exploitation techniques. His name was mentioned in several CPUs released by Oracle. You can check out the technical deepness of his presentations at www.soonerorlater.hu:
Well received presentation at Derbycon 2.0: Think differently about database hacking http://soonerorlater.hu/index.khtml?article_id=517
Own research results on Oracle native authentication http://www.soonerorlater.hu/index.khtml?article_id=511
First description of the Oracle native authentication protocol of Oracle 11g http://www.soonerorlater.hu/index.khtml?article_id=512
Worauthbf which was the fastest oracle password bruteforcer at the time of the publishing http://www.soonerorlater.hu/index.khtml?article_id=513
Own research results on Oralce authentication downgrading and publishing the tool pytnsproxy http://www.soonerorlater.hu/index.khtml?article_id=514
Own research results on oracle post exploitation and TDE (Transparent Database Encryption) http://www.soonerorlater.hu/index.khtml?article_id=516
Own research result on post exploitation of oracle and oradebug http://www.soonerorlater.hu/download/hacktivity_lt_2011_en.pdf
-
Ferenc Spala
Ferenc worked as a security consultant for 6 years. He gave several talks on Hungarian and international itsec conferences and workshops. He is also the member of Hacktivity program committee. The story of Hacktivity started in 2003 when a group of security experts were looking for a forum to meet and share experience and has become the largest and oldest independent Hungarian ethical hacker event. He is former blogger of a Hungarian IT security blog called “Alice and Bob”. He reported several vulnerabilities in different software such as IBM Cognos Business Intelligence.
Well received presentation at Derbycon 2.0: Think differently about database hacking http://soonerorlater.hu/index.khtml?article_id=517″
Similar Presentations: