SlideShare ist ein Scribd-Unternehmen logo

هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and countermeasures

M Mehdi Ahmadian
M Mehdi Ahmadian

Databases hacking, safeguards and countermeasures Case study : Oracle & SQL server malwares

Wissenschaft
1 von 31
Downloaden Sie, um offline zu lesen
Present by : M. M. Ahmadian Supervisor: Dr. Shahriari May 2014 Databases hacking, safeguards and countermeasures Case study : Oracle & SQL server malwares In the name of Allah Home page : www.mmAhmadian.ir/ Weblog : ahmadian.blog.ir
1.Introduction 2.How databases are hacked? 3.Top Ten Database Security Threats 4.SQL Server malwares • Cblade • Spida • Slammer 5.Oracle rootkits 6.Conclusion 7.References 2 Overview www.mmAhmadian.ir/
• Databases have the highest rate of breaches among all business assets. • according to the 2012 Verizon Data Breach Report. • 96% of breached are from databases. • databases are at the heart of any organization, storing customer records and other confidential business data. But How are databases so vulnerable to breaches? 3 Introduction to Database Security [1] www.mmAhmadian.ir/
4 How much personal data worth?[1] www.mmAhmadian.ir/
http://www.ft.com 5 www.mmAhmadian.ir/
 Password guessing / bruteforcing  Passwords and data sniffed over the network • If encryption is not used, passwords and data can be sniffed.  Exploiting misconfigurations • Some database servers are open by default  . Exploiting known/unknown vulnerabilities • Buffer overflows. • SQL Injection. • Etc.  Exploiting SQL Injection on web applications • This is one of the easiest and preferred method that criminals use to steal sensitive information such as credit cards, social security numbers, customer information, etc.  Stealing disks and backup data.  If data files and backed up data are not encrypted, once stolen data can be compromised.  Insiders are a major threat • If they can log in then they can hack the database. 6 How databases are hacked? [2,3] www.mmAhmadian.ir/
 Malwares • By email, p2p, IM, CD, DVD, etc. • Once executed • Get database servers and login info • configure connections, Sniffing, etc. • Connect to database servers (try default accounts if necessary). • Steal data (run 0day and install rootkit if necessary). • Find next target • Looking at linked servers/databases. • Looking at connections. • Sniffing. • Send encrypted data back to attacker by email, HTTPS, covert channel, etc.  Installing a rootkit/backdoor • Actions and database objects can be hidden. • Designed to steal data and send it to attacker and/or to give the attacker stealth and unrestricted access at any given time. 7 How databases are hacked?(cons.) www.mmAhmadian.ir/
8 How databases are hacked?(cons.)
9 Top Ten Database Security Threats: 2010 vs. 2013[1] www.mmAhmadian.ir/
 Cbalde  dnsservice.exe Worm  2001-2003  First MS SQL Server worm.  With 3 versions 10 SQL server malwares : Cbalde[5] www.mmAhmadian.ir/
11 SQL malwares : Cbalde diagram www.mmAhmadian.ir/
12 • Update current antivirus software programs • Force DBA to change the default configuration. • Restrict access to port 1433 . SQL server malwares : Cbalde[5] www.mmAhmadian.ir/
13 • Install Patches • The Aladdin Virus Alert for Win32.Cblade.a is available at the following link: Virus Alert. The March 2, 2003, virus definitions are available at the following link: Aladdin • The Aladdin Virus Alert for Win32.Cblade.b is available at the following link: Virus Alert. The March 2, 2003, virus definitions are available at the following link: Aladdin • The Computer Associates Virus Threat for Win32.SQL, as well as the signature and engine information, is available at the following link: Computer Associates • The F-Secure Virus Description for SQL Worm is available at the following link: Virus Description. The November 24, 2001, and later definition updates are available at the following link: F-Secure • … SQL server malwares : Cbalde[5] www.mmAhmadian.ir/
 Spida MS SQL Server worm.  Second MS SQL Server worm.  2002  Exploit blank sa password.  Platforms Affected:  Microsoft SQL Server  Microsoft Windows 2000  Microsoft Windows 2003 Server  Microsoft Windows NT 4.0  Microsoft Windows XP  MSRC bad days.  MS released 12 security bulletins related to SQL Server and SP3 is released.  2 remotely exploitable vulnerabilities.  Worst MS SQL Server year. 14 MS SQL malwares : Spida [5] www.mmAhmadian.ir/
15 MS SQL malwares : Spida [5] www.mmAhmadian.ir/
16 MS SQL malwares : Spida Safeguards [5] www.mmAhmadian.ir/
 Slammer/Sapphire Worm  Third MS SQL Server worm.  2003  The worm was based on proof of concept code demonstrated at the Black Hat Briefings by David Litchfield[3]  Sapphire's spreading strategy is based on random scanning, like Code Red. [2]  Exploits UDP port 1434 buffer overflow.  A patch had been available from Microsoft for six months prior to the worm's launch, but many installations had not been patched – including many at Microsoft[5]  because the SQL Slammer worm was so small in size, sometimes it was able to get through when legitimate traffic was not. [2] 17 MS SQL malwares : Slammer [2,3,4,8] www.mmAhmadian.ir/
more than 90% of vulnerable hosts within 10 minutes![4] 18 What a Propagation ?! MS SQL malwares : Slammer [2,3,4,8] www.mmAhmadian.ir/
19 1. Get inside • masquerades as a single UDP packet • The first byte in the string is “04” • name be at most 16 bytes long and end in “00” • ssnetlib.dll : SQL Server Resolution Service 2. Reprogram the Machine • after opening Slammer's too-long UDP "request" is overwrite its own stack with new instructions that Slammer has disguised as a routine query 3. Choose Victims at Random • targeting another computer that could be anywhere on the Internet. 4. Replicate • Slammer points to its own code as the data to send. 5. Repeat MS SQL malwares : Slammer Steps [2] www.mmAhmadian.ir/
• Outcame • overwhelmed the network with its scanning • denial of service by flooding the network. • it shut down • Bank of America Corp. • ATMs • cancellation of airline flights • blacked out an emergency call center in Seattle. • Safeguard • . Before one hooks up a computer, one should define its function and the services necessary to perform that function. If the computer is not going to be used as a database or web server, then those programs and services should not be running. • Use of the "netstat -an" command on a Windows or Unix machine will let you know what ports are open on your machine. For example, POP3 runs on TCP port 110. If your machine is not running a POP server, this port should not be open. • Use ingress/egress filtering at firewall and/or border router to only allow access to the Internet those ports necessary on that machine for it to perform its function. 20 MS SQL malwares : Slammer [2,3,4,8]
21 • A rootkit is a set of tools used by an attacker after hacking a computer system that hides logins, processes, etc. It is commonly used to hide the operation of an attacker in a compromised system. Rootkits are more widespread in Operating Systems but the idea is applicable to databases too. • Operating Systems and Databases are quite similar in the architecture. • Both have • Users • Processes • Jobs • Executables • … Oracle Rootkits [6] www.mmAhmadian.ir/
22 If a database is a (kind of) operating system, then it is possible to migrate malware (concepts) like viruses or rootkits from the operating system world to the database world. Oracle Rootkits [6]
23 • Implementing an Oracle Database Rootkit then a backdoor:  PL/SQL,  Java  or a combination of both. • Steps  PL/SQL scripts that needs to be run on the Oracle Database server with administrator privileges Run Backdoor Console Oracle Rootkits [6,7] www.mmAhmadian.ir/
24 • Rootkit process:  Hide Database Users  User and roles are stored together in the table SYS.USER$  Hide Processes  Processes are stored in a special view v$session located in the schema SYS  Hide Database Jobs  Oracle jobs are stored in the table SYS.JOB$ Oracle Rootkits [6,7] www.mmAhmadian.ir/
25 www.mmAhmadian.ir/
26 • An auditor, security consultant or security tool normally only checks the table sys.user$. But Oracle is using the table sys.aser$ containing the hidden user. Oracle Rootkits [6,7] www.mmAhmadian.ir/
27 • Steps  PL/SQL scripts that needs to be run on the Oracle Database server with administrator privileges  Run Backdoor Console Oracle Rootkits [6,7] www.mmAhmadian.ir/
28
• We briefly reviewed how databases are hacked specially with the presence of malwares. Beside all the Patches and Updates If we don't protect our databases and monitor it(Services, Protocols, Files and Directories, PortsAuditing and Logging,) sooner or later you will get hacked, this means lot of money loses and in worst case running out of business. • Oracle is a powerful database and there are many possibilities to implement database rootkits in Oracle. With these techniques an attacker (internal/external) can hide his presence in a hacked database. 29 Conclusion www.mmAhmadian.ir/
[1] Imperva report, "Top Ten Database Threats:The Most Significant Risks and How to Mitigate Them",2014 Giuseppe Serazzi and Stefano Zanero,"Computer Virus Propagation Models" [2] Joanne Pilker,"MS SQL Slammer/Sapphire Worm",Global Information Assurance Certification Paper,SANS Institute [3] Leyden, John (6 February 2003). "Slammer: Why security benefits from proof of concept code". Register. Retrieved 2008-11-29. [4] Moore, David et al. "The Spread of the Sapphire/Slammer Worm". CAIDA (Cooperative Association for Internet Data Analysis). [5] Serazzi, Giuseppe & Zanero, Stefano (2004). "Computer Virus Propagation Models". In Calzarossa, Maria Carla & Gelenbe, Erol. Performance Tools and Applications to Networked Systems. Lecture Notes in Computer Science. Vol. 2965. pp. 26–50. [6] Kornbrust, Alexander.“Oracle Rootkits 2.0”. Black Hat 2006 USA, Las Vegas, NV. 02; Aug 06 [7] Dennis Yurichev,"Oracle RDBMS rootkits and other modifications"Blackhat 2005 . [8] "ISS Security Brief: Microsoft SQL Slammer Worm Propagation". ISSForum. 25 January 2003. Retrieved 2008-11-29. [9]X-Force (January 25, 2003). "Peace of Mind Through Integrity and Insight". Neohapsis Archives. Retrieved 2008-11-29. [10] Vern Paxson, Stuart Staniford, and Nicholas Weaver, How to 0wn the Internet in Your Spare Time, Proceedings of the 11th USENIX Security Symposium (Security '02). [11]"SQLExp SQL Server Worm Analysis". DeepSight™ Threat Management System Threat Analysis. Jan 28, 2003. 30 References www.mmAhmadian.ir/
31 Questions? Thanks Home page : www.mmAhmadian.ir/ Weblog : ahmadian.blog.ir

Empfohlen

Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Moataz Kamel
 
Penetration and hacking training brief
Penetration and hacking training briefPenetration and hacking training brief
Penetration and hacking training briefBill Nelson
 
Appsec2013 assurance tagging-robert martin
Appsec2013 assurance tagging-robert martinAppsec2013 assurance tagging-robert martin
Appsec2013 assurance tagging-robert martindrewz lin
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security TestingMarco Morana
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and AwarenessAbdul Rahman Sherzad
 
Isaca conference threat_modeling_marco_morana_short.pdf
Isaca conference threat_modeling_marco_morana_short.pdfIsaca conference threat_modeling_marco_morana_short.pdf
Isaca conference threat_modeling_marco_morana_short.pdfMarco Morana
 
Designing Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree ModelingDesigning Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree Modelingijtsrd
 
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...IJERA Editor
 

Empfohlen

Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Moataz Kamel
 
Penetration and hacking training brief
Penetration and hacking training briefPenetration and hacking training brief
Penetration and hacking training briefBill Nelson
 
Appsec2013 assurance tagging-robert martin
Appsec2013 assurance tagging-robert martinAppsec2013 assurance tagging-robert martin
Appsec2013 assurance tagging-robert martindrewz lin
 
Web Application Security Testing
Web Application Security TestingWeb Application Security Testing
Web Application Security TestingMarco Morana
 
Web Application Security and Awareness
Web Application Security and AwarenessWeb Application Security and Awareness
Web Application Security and AwarenessAbdul Rahman Sherzad
 
Isaca conference threat_modeling_marco_morana_short.pdf
Isaca conference threat_modeling_marco_morana_short.pdfIsaca conference threat_modeling_marco_morana_short.pdf
Isaca conference threat_modeling_marco_morana_short.pdfMarco Morana
 
Designing Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree ModelingDesigning Security Assessment of Client Server System using Attack Tree Modeling
Designing Security Assessment of Client Server System using Attack Tree Modelingijtsrd
 
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...
Behavior Analysis Of Malicious Web Pages Through Client Honeypot For Detectio...IJERA Editor
 
website vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperwebsite vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperBhagyashri Chalakh
 
Op2423922398
Op2423922398Op2423922398
Op2423922398IJERA Editor
 
Security Compliance Web Application Risk Management
Security Compliance Web Application Risk ManagementSecurity Compliance Web Application Risk Management
Security Compliance Web Application Risk ManagementMarco Morana
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET Journal
 
Web applications security conference slides
Web applications security conference slidesWeb applications security conference slides
Web applications security conference slidesBassam Al-Khatib
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
How PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applicationsHow PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applicationsBen Rothke
 
6 Most Popular Threat Modeling Methodologies
6 Most Popular Threat Modeling Methodologies 6 Most Popular Threat Modeling Methodologies
6 Most Popular Threat Modeling MethodologiesEC-Council
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat ModelingDanny Wong
 
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...AM Publications
 
Evading & Bypassing Anti-Malware applications using metasploit
Evading & Bypassing Anti-Malware applications using metasploitEvading & Bypassing Anti-Malware applications using metasploit
Evading & Bypassing Anti-Malware applications using metasploitn|u - The Open Security Community
 
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web applicationNguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web applicationSecurity Bootcamp
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilitiesMayur Mehta
 
Threat Modeling 101
Threat Modeling 101Threat Modeling 101
Threat Modeling 101Vlad Styran
 
Detection and prevention of keylogger spyware attacks
Detection and prevention of keylogger spyware attacksDetection and prevention of keylogger spyware attacks
Detection and prevention of keylogger spyware attacksIAEME Publication
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingRochester Security Summit
 
Anti evasion and evader - klaus majewski
Anti evasion and evader - klaus majewskiAnti evasion and evader - klaus majewski
Anti evasion and evader - klaus majewskiStonesoft
 
Anti malware solution using Machine Learning
Anti malware solution using Machine LearningAnti malware solution using Machine Learning
Anti malware solution using Machine LearningAkash Sarode
 
Security in the cloud protecting your cloud apps
Security in the cloud protecting your cloud appsSecurity in the cloud protecting your cloud apps
Security in the cloud protecting your cloud appsCenzic
 
Threats, Threat Modeling and Analysis
Threats, Threat Modeling and AnalysisThreats, Threat Modeling and Analysis
Threats, Threat Modeling and AnalysisIan G
 
حفظ حریم خصوصی در خدمات مکان-مبنا
حفظ حریم خصوصی در خدمات مکان-مبناحفظ حریم خصوصی در خدمات مکان-مبنا
حفظ حریم خصوصی در خدمات مکان-مبناM Mehdi Ahmadian
 
بررسی امنیتی بیت کوین Is Bitcoin a secure online digital currency?!
بررسی امنیتی بیت کوین Is Bitcoin a secure online digital currency?!بررسی امنیتی بیت کوین Is Bitcoin a secure online digital currency?!
بررسی امنیتی بیت کوین Is Bitcoin a secure online digital currency?!M Mehdi Ahmadian
 

Weitere ähnliche Inhalte

Was ist angesagt?

website vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperwebsite vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperBhagyashri Chalakh
 
Security Compliance Web Application Risk Management
Security Compliance Web Application Risk ManagementSecurity Compliance Web Application Risk Management
Security Compliance Web Application Risk ManagementMarco Morana
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET Journal
 
Web applications security conference slides
Web applications security conference slidesWeb applications security conference slides
Web applications security conference slidesBassam Al-Khatib
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat ModelingMarco Morana
 
How PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applicationsHow PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applicationsBen Rothke
 
6 Most Popular Threat Modeling Methodologies
6 Most Popular Threat Modeling Methodologies 6 Most Popular Threat Modeling Methodologies
6 Most Popular Threat Modeling MethodologiesEC-Council
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat ModelingDanny Wong
 
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...AM Publications
 
Evading & Bypassing Anti-Malware applications using metasploit
Evading & Bypassing Anti-Malware applications using metasploitEvading & Bypassing Anti-Malware applications using metasploit
Evading & Bypassing Anti-Malware applications using metasploitn|u - The Open Security Community
 
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web applicationNguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web applicationSecurity Bootcamp
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilitiesMayur Mehta
 
Threat Modeling 101
Threat Modeling 101Threat Modeling 101
Threat Modeling 101Vlad Styran
 
Detection and prevention of keylogger spyware attacks
Detection and prevention of keylogger spyware attacksDetection and prevention of keylogger spyware attacks
Detection and prevention of keylogger spyware attacksIAEME Publication
 
Anti evasion and evader - klaus majewski
Anti evasion and evader - klaus majewskiAnti evasion and evader - klaus majewski
Anti evasion and evader - klaus majewskiStonesoft
 
Anti malware solution using Machine Learning
Anti malware solution using Machine LearningAnti malware solution using Machine Learning
Anti malware solution using Machine LearningAkash Sarode
 
Security in the cloud protecting your cloud apps
Security in the cloud protecting your cloud appsSecurity in the cloud protecting your cloud apps
Security in the cloud protecting your cloud appsCenzic
 
Threats, Threat Modeling and Analysis
Threats, Threat Modeling and AnalysisThreats, Threat Modeling and Analysis
Threats, Threat Modeling and AnalysisIan G
 

Was ist angesagt? (20)

website vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperwebsite vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paper
 
Op2423922398
Op2423922398Op2423922398
Op2423922398
 
Security Compliance Web Application Risk Management
Security Compliance Web Application Risk ManagementSecurity Compliance Web Application Risk Management
Security Compliance Web Application Risk Management
 
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical ApproachIRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
IRJET- Penetration Testing using Metasploit Framework: An Ethical Approach
 
Web applications security conference slides
Web applications security conference slidesWeb applications security conference slides
Web applications security conference slides
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
How PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applicationsHow PCI And PA DSS will change enterprise applications
How PCI And PA DSS will change enterprise applications
 
6 Most Popular Threat Modeling Methodologies
6 Most Popular Threat Modeling Methodologies 6 Most Popular Threat Modeling Methodologies
6 Most Popular Threat Modeling Methodologies
 
7 Steps to Threat Modeling
7 Steps to Threat Modeling7 Steps to Threat Modeling
7 Steps to Threat Modeling
 
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
 
Evading & Bypassing Anti-Malware applications using metasploit
Evading & Bypassing Anti-Malware applications using metasploitEvading & Bypassing Anti-Malware applications using metasploit
Evading & Bypassing Anti-Malware applications using metasploit
 
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web applicationNguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
 
Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilities
 
Threat Modeling 101
Threat Modeling 101Threat Modeling 101
Threat Modeling 101
 
Detection and prevention of keylogger spyware attacks
Detection and prevention of keylogger spyware attacksDetection and prevention of keylogger spyware attacks
Detection and prevention of keylogger spyware attacks
 
Application Threat Modeling
Application Threat ModelingApplication Threat Modeling
Application Threat Modeling
 
Anti evasion and evader - klaus majewski
Anti evasion and evader - klaus majewskiAnti evasion and evader - klaus majewski
Anti evasion and evader - klaus majewski
 
Anti malware solution using Machine Learning
Anti malware solution using Machine LearningAnti malware solution using Machine Learning
Anti malware solution using Machine Learning
 
Security in the cloud protecting your cloud apps
Security in the cloud protecting your cloud appsSecurity in the cloud protecting your cloud apps
Security in the cloud protecting your cloud apps
 
Threats, Threat Modeling and Analysis
Threats, Threat Modeling and AnalysisThreats, Threat Modeling and Analysis
Threats, Threat Modeling and Analysis
 

Andere mochten auch

حفظ حریم خصوصی در خدمات مکان-مبنا
حفظ حریم خصوصی در خدمات مکان-مبناحفظ حریم خصوصی در خدمات مکان-مبنا
حفظ حریم خصوصی در خدمات مکان-مبناM Mehdi Ahmadian
 
بررسی امنیتی بیت کوین Is Bitcoin a secure online digital currency?!
بررسی امنیتی بیت کوین Is Bitcoin a secure online digital currency?!بررسی امنیتی بیت کوین Is Bitcoin a secure online digital currency?!
بررسی امنیتی بیت کوین Is Bitcoin a secure online digital currency?!M Mehdi Ahmadian
 
قلاب سازی در تحلیل بدافزارهاHooking in Malware Analysis
قلاب سازی در تحلیل بدافزارهاHooking in Malware Analysis قلاب سازی در تحلیل بدافزارهاHooking in Malware Analysis
قلاب سازی در تحلیل بدافزارهاHooking in Malware AnalysisM Mehdi Ahmadian
 
امنیت سیستم های کنترل صنعتی
امنیت سیستم های کنترل صنعتیامنیت سیستم های کنترل صنعتی
امنیت سیستم های کنترل صنعتیM Mehdi Ahmadian
 
Cryptovirology Introduction, SecurityThreats, Safeguards and Countermeasures
Cryptovirology Introduction, SecurityThreats, Safeguards and CountermeasuresCryptovirology Introduction, SecurityThreats, Safeguards and Countermeasures
Cryptovirology Introduction, SecurityThreats, Safeguards and CountermeasuresM Mehdi Ahmadian
 
Malware futureology ahmadian
Malware futureology ahmadianMalware futureology ahmadian
Malware futureology ahmadianM Mehdi Ahmadian
 
صحت جریان کنترل در امنیت اطلاعاتControl Flow Integrity
صحت جریان کنترل در امنیت اطلاعاتControl Flow Integrityصحت جریان کنترل در امنیت اطلاعاتControl Flow Integrity
صحت جریان کنترل در امنیت اطلاعاتControl Flow IntegrityM Mehdi Ahmadian
 

Andere mochten auch (7)

حفظ حریم خصوصی در خدمات مکان-مبنا
حفظ حریم خصوصی در خدمات مکان-مبناحفظ حریم خصوصی در خدمات مکان-مبنا
حفظ حریم خصوصی در خدمات مکان-مبنا
 
بررسی امنیتی بیت کوین Is Bitcoin a secure online digital currency?!
بررسی امنیتی بیت کوین Is Bitcoin a secure online digital currency?!بررسی امنیتی بیت کوین Is Bitcoin a secure online digital currency?!
بررسی امنیتی بیت کوین Is Bitcoin a secure online digital currency?!
 
قلاب سازی در تحلیل بدافزارهاHooking in Malware Analysis
قلاب سازی در تحلیل بدافزارهاHooking in Malware Analysis قلاب سازی در تحلیل بدافزارهاHooking in Malware Analysis
قلاب سازی در تحلیل بدافزارهاHooking in Malware Analysis
 
امنیت سیستم های کنترل صنعتی
امنیت سیستم های کنترل صنعتیامنیت سیستم های کنترل صنعتی
امنیت سیستم های کنترل صنعتی
 
Cryptovirology Introduction, SecurityThreats, Safeguards and Countermeasures
Cryptovirology Introduction, SecurityThreats, Safeguards and CountermeasuresCryptovirology Introduction, SecurityThreats, Safeguards and Countermeasures
Cryptovirology Introduction, SecurityThreats, Safeguards and Countermeasures
 
Malware futureology ahmadian
Malware futureology ahmadianMalware futureology ahmadian
Malware futureology ahmadian
 
صحت جریان کنترل در امنیت اطلاعاتControl Flow Integrity
صحت جریان کنترل در امنیت اطلاعاتControl Flow Integrityصحت جریان کنترل در امنیت اطلاعاتControl Flow Integrity
صحت جریان کنترل در امنیت اطلاعاتControl Flow Integrity
 

Ähnlich wie هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and countermeasures

DBMS Vulnerabilities And Threats.pptx
DBMS Vulnerabilities And Threats.pptxDBMS Vulnerabilities And Threats.pptx
DBMS Vulnerabilities And Threats.pptxsiti829412
 
Web & Cloud Security in the real world
Web & Cloud Security in the real worldWeb & Cloud Security in the real world
Web & Cloud Security in the real worldMadhu Akula
 
Threat_Modelling.pdf
Threat_Modelling.pdfThreat_Modelling.pdf
Threat_Modelling.pdfMarlboroAbyad
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareQuick Heal Technologies Ltd.
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelinesZakaria SMAHI
 
LIFT OFF 2017: Ransomware and IR Overview
LIFT OFF 2017: Ransomware and IR OverviewLIFT OFF 2017: Ransomware and IR Overview
LIFT OFF 2017: Ransomware and IR OverviewRobert Herjavec
 
Solvay secure application layer v2015 seba
Solvay secure application layer v2015 sebaSolvay secure application layer v2015 seba
Solvay secure application layer v2015 sebaSebastien Deleersnyder
 
Security Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptxSecurity Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptxAmardeepKumar621436
 
Andrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.pptAndrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.pptSilverGold16
 
Oracle database threats - LAOUC Webinar
Oracle database threats - LAOUC WebinarOracle database threats - LAOUC Webinar
Oracle database threats - LAOUC WebinarOsama Mustafa
 
Computer Network Case Study - bajju.pptx
Computer Network Case Study - bajju.pptxComputer Network Case Study - bajju.pptx
Computer Network Case Study - bajju.pptxShivamBajaj36
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
How to measure your security response readiness?
How to measure your security response readiness?How to measure your security response readiness?
How to measure your security response readiness?Tomasz Jakubowski
 
Layer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdfLayer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdfdistortdistort
 
Hacking databases
Hacking databasesHacking databases
Hacking databasessunil kumar
 
Hacking databases
Hacking databasesHacking databases
Hacking databasessunil kumar
 
Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS
Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOSExploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS
Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOSMITRE ATT&CK
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDebra Baker, CISSP CSSP
 
Advanced Threats In The Enterprise
Advanced Threats In The EnterpriseAdvanced Threats In The Enterprise
Advanced Threats In The EnterprisePriyanka Aash
 

Ähnlich wie هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and countermeasures (20)

DBMS Vulnerabilities And Threats.pptx
DBMS Vulnerabilities And Threats.pptxDBMS Vulnerabilities And Threats.pptx
DBMS Vulnerabilities And Threats.pptx
 
Web & Cloud Security in the real world
Web & Cloud Security in the real worldWeb & Cloud Security in the real world
Web & Cloud Security in the real world
 
Threat_Modelling.pdf
Threat_Modelling.pdfThreat_Modelling.pdf
Threat_Modelling.pdf
 
Protecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry RansomwareProtecting Your organization from WannaCry Ransomware
Protecting Your organization from WannaCry Ransomware
 
Web Security
Web SecurityWeb Security
Web Security
 
Secure coding guidelines
Secure coding guidelinesSecure coding guidelines
Secure coding guidelines
 
LIFT OFF 2017: Ransomware and IR Overview
LIFT OFF 2017: Ransomware and IR OverviewLIFT OFF 2017: Ransomware and IR Overview
LIFT OFF 2017: Ransomware and IR Overview
 
Solvay secure application layer v2015 seba
Solvay secure application layer v2015 sebaSolvay secure application layer v2015 seba
Solvay secure application layer v2015 seba
 
Security Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptxSecurity Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptx
 
Andrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.pptAndrews whitakrer lecture18-security.ppt
Andrews whitakrer lecture18-security.ppt
 
Oracle database threats - LAOUC Webinar
Oracle database threats - LAOUC WebinarOracle database threats - LAOUC Webinar
Oracle database threats - LAOUC Webinar
 
Computer Network Case Study - bajju.pptx
Computer Network Case Study - bajju.pptxComputer Network Case Study - bajju.pptx
Computer Network Case Study - bajju.pptx
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
How to measure your security response readiness?
How to measure your security response readiness?How to measure your security response readiness?
How to measure your security response readiness?
 
Layer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdfLayer7-WebServices-Hacking-and-Hardening.pdf
Layer7-WebServices-Hacking-and-Hardening.pdf
 
Hacking databases
Hacking databasesHacking databases
Hacking databases
 
Hacking databases
Hacking databasesHacking databases
Hacking databases
 
Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS
Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOSExploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS
Exploring the Labyrinth: Deep dive into the Lazarus Group's foray into macOS
 
Disruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptxDisruptionware-TRustedCISO103020v0.7.pptx
Disruptionware-TRustedCISO103020v0.7.pptx
 
Advanced Threats In The Enterprise
Advanced Threats In The EnterpriseAdvanced Threats In The Enterprise
Advanced Threats In The Enterprise
 

Mehr von M Mehdi Ahmadian

امنیت سیستم ها و شبکه های کنترل صنعتی: امن سازی امنیت سیستم ها و شبکه های کن...
امنیت سیستم ها و شبکه های کنترل صنعتی: امن سازی امنیت سیستم ها و شبکه های کن...امنیت سیستم ها و شبکه های کنترل صنعتی: امن سازی امنیت سیستم ها و شبکه های کن...
امنیت سیستم ها و شبکه های کنترل صنعتی: امن سازی امنیت سیستم ها و شبکه های کن...M Mehdi Ahmadian
 
Industrial Control System Security Taxonomic Framework with Application to a ...
Industrial Control System Security Taxonomic Framework with Application to a ...Industrial Control System Security Taxonomic Framework with Application to a ...
Industrial Control System Security Taxonomic Framework with Application to a ...M Mehdi Ahmadian
 
امنیت سیستم های کنترل صنعتی : طبقه بندی رخدادهای امنیت سایبری سیستم های کنتر...
امنیت سیستم های کنترل صنعتی : طبقه بندی رخدادهای امنیت سایبری سیستم های کنتر... امنیت سیستم های کنترل صنعتی : طبقه بندی رخدادهای امنیت سایبری سیستم های کنتر...
امنیت سیستم های کنترل صنعتی : طبقه بندی رخدادهای امنیت سایبری سیستم های کنتر...M Mehdi Ahmadian
 
امنیت سایبری سیستم‌ های کنترل صنعتی
امنیت سایبری سیستم‌ های کنترل صنعتی امنیت سایبری سیستم‌ های کنترل صنعتی
امنیت سایبری سیستم‌ های کنترل صنعتی M Mehdi Ahmadian
 
امنیت سیستم های کنترل صنعتی : بررسی اجمالی مستند «آفتاب نهان» از زاویه نشت اط...
امنیت سیستم های کنترل صنعتی : بررسی اجمالی مستند «آفتاب نهان» از زاویه نشت اط...امنیت سیستم های کنترل صنعتی : بررسی اجمالی مستند «آفتاب نهان» از زاویه نشت اط...
امنیت سیستم های کنترل صنعتی : بررسی اجمالی مستند «آفتاب نهان» از زاویه نشت اط...M Mehdi Ahmadian
 
امنیت در سیستم های کنترل صنعتیCyber–Physical Systems Security Challenges(Cas...
امنیت در سیستم های کنترل صنعتیCyber–Physical Systems Security Challenges(Cas... امنیت در سیستم های کنترل صنعتیCyber–Physical Systems Security Challenges(Cas...
امنیت در سیستم های کنترل صنعتیCyber–Physical Systems Security Challenges(Cas...M Mehdi Ahmadian
 
چارچوب تشخیص باجگیرها 2entFOX: A framework for high survivable ransomwares de...
چارچوب تشخیص باجگیرها 2entFOX: A framework for high survivable ransomwares de...چارچوب تشخیص باجگیرها 2entFOX: A framework for high survivable ransomwares de...
چارچوب تشخیص باجگیرها 2entFOX: A framework for high survivable ransomwares de...M Mehdi Ahmadian
 

Mehr von M Mehdi Ahmadian (7)

امنیت سیستم ها و شبکه های کنترل صنعتی: امن سازی امنیت سیستم ها و شبکه های کن...
امنیت سیستم ها و شبکه های کنترل صنعتی: امن سازی امنیت سیستم ها و شبکه های کن...امنیت سیستم ها و شبکه های کنترل صنعتی: امن سازی امنیت سیستم ها و شبکه های کن...
امنیت سیستم ها و شبکه های کنترل صنعتی: امن سازی امنیت سیستم ها و شبکه های کن...
 
Industrial Control System Security Taxonomic Framework with Application to a ...
Industrial Control System Security Taxonomic Framework with Application to a ...Industrial Control System Security Taxonomic Framework with Application to a ...
Industrial Control System Security Taxonomic Framework with Application to a ...
 
امنیت سیستم های کنترل صنعتی : طبقه بندی رخدادهای امنیت سایبری سیستم های کنتر...
امنیت سیستم های کنترل صنعتی : طبقه بندی رخدادهای امنیت سایبری سیستم های کنتر... امنیت سیستم های کنترل صنعتی : طبقه بندی رخدادهای امنیت سایبری سیستم های کنتر...
امنیت سیستم های کنترل صنعتی : طبقه بندی رخدادهای امنیت سایبری سیستم های کنتر...
 
امنیت سایبری سیستم‌ های کنترل صنعتی
امنیت سایبری سیستم‌ های کنترل صنعتی امنیت سایبری سیستم‌ های کنترل صنعتی
امنیت سایبری سیستم‌ های کنترل صنعتی
 
امنیت سیستم های کنترل صنعتی : بررسی اجمالی مستند «آفتاب نهان» از زاویه نشت اط...
امنیت سیستم های کنترل صنعتی : بررسی اجمالی مستند «آفتاب نهان» از زاویه نشت اط...امنیت سیستم های کنترل صنعتی : بررسی اجمالی مستند «آفتاب نهان» از زاویه نشت اط...
امنیت سیستم های کنترل صنعتی : بررسی اجمالی مستند «آفتاب نهان» از زاویه نشت اط...
 
امنیت در سیستم های کنترل صنعتیCyber–Physical Systems Security Challenges(Cas...
امنیت در سیستم های کنترل صنعتیCyber–Physical Systems Security Challenges(Cas... امنیت در سیستم های کنترل صنعتیCyber–Physical Systems Security Challenges(Cas...
امنیت در سیستم های کنترل صنعتیCyber–Physical Systems Security Challenges(Cas...
 
چارچوب تشخیص باجگیرها 2entFOX: A framework for high survivable ransomwares de...
چارچوب تشخیص باجگیرها 2entFOX: A framework for high survivable ransomwares de...چارچوب تشخیص باجگیرها 2entFOX: A framework for high survivable ransomwares de...
چارچوب تشخیص باجگیرها 2entFOX: A framework for high survivable ransomwares de...
 

Kürzlich hochgeladen

IDENTIFICATION OF THE LIVING- forensic medicine
IDENTIFICATION OF THE LIVING- forensic medicineIDENTIFICATION OF THE LIVING- forensic medicine
IDENTIFICATION OF THE LIVING- forensic medicinesherlingomez2
 
GBSN - Biochemistry (Unit 1)
GBSN - Biochemistry (Unit 1)GBSN - Biochemistry (Unit 1)
GBSN - Biochemistry (Unit 1)Areesha Ahmad
 
FAIRSpectra - Enabling the FAIRification of Spectroscopy and Spectrometry
FAIRSpectra - Enabling the FAIRification of Spectroscopy and SpectrometryFAIRSpectra - Enabling the FAIRification of Spectroscopy and Spectrometry
FAIRSpectra - Enabling the FAIRification of Spectroscopy and SpectrometryAlex Henderson
 
GBSN - Microbiology (Unit 3)
GBSN - Microbiology (Unit 3)GBSN - Microbiology (Unit 3)
GBSN - Microbiology (Unit 3)Areesha Ahmad
 
Dopamine neurotransmitter determination using graphite sheet- graphene nano-s...
Dopamine neurotransmitter determination using graphite sheet- graphene nano-s...Dopamine neurotransmitter determination using graphite sheet- graphene nano-s...
Dopamine neurotransmitter determination using graphite sheet- graphene nano-s...Mohammad Khajehpour
 
Introduction,importance and scope of horticulture.pptx
Introduction,importance and scope of horticulture.pptxIntroduction,importance and scope of horticulture.pptx
Introduction,importance and scope of horticulture.pptxBhagirath Gogikar
 
Pests of mustard_Identification_Management_Dr.UPR.pdf
Pests of mustard_Identification_Management_Dr.UPR.pdfPests of mustard_Identification_Management_Dr.UPR.pdf
Pests of mustard_Identification_Management_Dr.UPR.pdfPirithiRaju
 
pumpkin fruit fly, water melon fruit fly, cucumber fruit fly
pumpkin fruit fly, water melon fruit fly, cucumber fruit flypumpkin fruit fly, water melon fruit fly, cucumber fruit fly
pumpkin fruit fly, water melon fruit fly, cucumber fruit flyPRADYUMMAURYA1
 
High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑
High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑
High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑Damini Dixit
 
High Class Escorts in Hyderabad ₹7.5k Pick Up & Drop With Cash Payment 969456...
High Class Escorts in Hyderabad ₹7.5k Pick Up & Drop With Cash Payment 969456...High Class Escorts in Hyderabad ₹7.5k Pick Up & Drop With Cash Payment 969456...
High Class Escorts in Hyderabad ₹7.5k Pick Up & Drop With Cash Payment 969456...chandars293
 
Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdf
Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdfPests of cotton_Borer_Pests_Binomics_Dr.UPR.pdf
Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdfPirithiRaju
 
Formation of low mass protostars and their circumstellar disks
Formation of low mass protostars and their circumstellar disksFormation of low mass protostars and their circumstellar disks
Formation of low mass protostars and their circumstellar disksSérgio Sacani
 
Factory Acceptance Test( FAT).pptx .
Factory Acceptance Test( FAT).pptx .Factory Acceptance Test( FAT).pptx .
Factory Acceptance Test( FAT).pptx .Poonam Aher Patil
 
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRL
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRLKochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRL
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRLkantirani197
 
SCIENCE-4-QUARTER4-WEEK-4-PPT-1 (1).pptx
SCIENCE-4-QUARTER4-WEEK-4-PPT-1 (1).pptxSCIENCE-4-QUARTER4-WEEK-4-PPT-1 (1).pptx
SCIENCE-4-QUARTER4-WEEK-4-PPT-1 (1).pptxRizalinePalanog2
 
dkNET Webinar "Texera: A Scalable Cloud Computing Platform for Sharing Data a...
dkNET Webinar "Texera: A Scalable Cloud Computing Platform for Sharing Data a...dkNET Webinar "Texera: A Scalable Cloud Computing Platform for Sharing Data a...
dkNET Webinar "Texera: A Scalable Cloud Computing Platform for Sharing Data a...dkNET
 
Feature-aligned N-BEATS with Sinkhorn divergence (ICLR '24)
Feature-aligned N-BEATS with Sinkhorn divergence (ICLR '24)Feature-aligned N-BEATS with Sinkhorn divergence (ICLR '24)
Feature-aligned N-BEATS with Sinkhorn divergence (ICLR '24)Joonhun Lee
 
COMPUTING ANTI-DERIVATIVES (Integration by SUBSTITUTION)
COMPUTING ANTI-DERIVATIVES (Integration by SUBSTITUTION)COMPUTING ANTI-DERIVATIVES (Integration by SUBSTITUTION)
COMPUTING ANTI-DERIVATIVES (Integration by SUBSTITUTION)AkefAfaneh2
 

Kürzlich hochgeladen (20)

IDENTIFICATION OF THE LIVING- forensic medicine
IDENTIFICATION OF THE LIVING- forensic medicineIDENTIFICATION OF THE LIVING- forensic medicine
IDENTIFICATION OF THE LIVING- forensic medicine
 
GBSN - Biochemistry (Unit 1)
GBSN - Biochemistry (Unit 1)GBSN - Biochemistry (Unit 1)
GBSN - Biochemistry (Unit 1)
 
FAIRSpectra - Enabling the FAIRification of Spectroscopy and Spectrometry
FAIRSpectra - Enabling the FAIRification of Spectroscopy and SpectrometryFAIRSpectra - Enabling the FAIRification of Spectroscopy and Spectrometry
FAIRSpectra - Enabling the FAIRification of Spectroscopy and Spectrometry
 
GBSN - Microbiology (Unit 3)
GBSN - Microbiology (Unit 3)GBSN - Microbiology (Unit 3)
GBSN - Microbiology (Unit 3)
 
Dopamine neurotransmitter determination using graphite sheet- graphene nano-s...
Dopamine neurotransmitter determination using graphite sheet- graphene nano-s...Dopamine neurotransmitter determination using graphite sheet- graphene nano-s...
Dopamine neurotransmitter determination using graphite sheet- graphene nano-s...
 
Introduction,importance and scope of horticulture.pptx
Introduction,importance and scope of horticulture.pptxIntroduction,importance and scope of horticulture.pptx
Introduction,importance and scope of horticulture.pptx
 
Pests of mustard_Identification_Management_Dr.UPR.pdf
Pests of mustard_Identification_Management_Dr.UPR.pdfPests of mustard_Identification_Management_Dr.UPR.pdf
Pests of mustard_Identification_Management_Dr.UPR.pdf
 
pumpkin fruit fly, water melon fruit fly, cucumber fruit fly
pumpkin fruit fly, water melon fruit fly, cucumber fruit flypumpkin fruit fly, water melon fruit fly, cucumber fruit fly
pumpkin fruit fly, water melon fruit fly, cucumber fruit fly
 
Site Acceptance Test .
Site Acceptance Test .Site Acceptance Test .
Site Acceptance Test .
 
High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑
High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑
High Profile 🔝 8250077686 📞 Call Girls Service in GTB Nagar🍑
 
CELL -Structural and Functional unit of life.pdf
CELL -Structural and Functional unit of life.pdfCELL -Structural and Functional unit of life.pdf
CELL -Structural and Functional unit of life.pdf
 
High Class Escorts in Hyderabad ₹7.5k Pick Up & Drop With Cash Payment 969456...
High Class Escorts in Hyderabad ₹7.5k Pick Up & Drop With Cash Payment 969456...High Class Escorts in Hyderabad ₹7.5k Pick Up & Drop With Cash Payment 969456...
High Class Escorts in Hyderabad ₹7.5k Pick Up & Drop With Cash Payment 969456...
 
Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdf
Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdfPests of cotton_Borer_Pests_Binomics_Dr.UPR.pdf
Pests of cotton_Borer_Pests_Binomics_Dr.UPR.pdf
 
Formation of low mass protostars and their circumstellar disks
Formation of low mass protostars and their circumstellar disksFormation of low mass protostars and their circumstellar disks
Formation of low mass protostars and their circumstellar disks
 
Factory Acceptance Test( FAT).pptx .
Factory Acceptance Test( FAT).pptx .Factory Acceptance Test( FAT).pptx .
Factory Acceptance Test( FAT).pptx .
 
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRL
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRLKochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRL
Kochi ❤CALL GIRL 84099*07087 ❤CALL GIRLS IN Kochi ESCORT SERVICE❤CALL GIRL
 
SCIENCE-4-QUARTER4-WEEK-4-PPT-1 (1).pptx
SCIENCE-4-QUARTER4-WEEK-4-PPT-1 (1).pptxSCIENCE-4-QUARTER4-WEEK-4-PPT-1 (1).pptx
SCIENCE-4-QUARTER4-WEEK-4-PPT-1 (1).pptx
 
dkNET Webinar "Texera: A Scalable Cloud Computing Platform for Sharing Data a...
dkNET Webinar "Texera: A Scalable Cloud Computing Platform for Sharing Data a...dkNET Webinar "Texera: A Scalable Cloud Computing Platform for Sharing Data a...
dkNET Webinar "Texera: A Scalable Cloud Computing Platform for Sharing Data a...
 
Feature-aligned N-BEATS with Sinkhorn divergence (ICLR '24)
Feature-aligned N-BEATS with Sinkhorn divergence (ICLR '24)Feature-aligned N-BEATS with Sinkhorn divergence (ICLR '24)
Feature-aligned N-BEATS with Sinkhorn divergence (ICLR '24)
 
COMPUTING ANTI-DERIVATIVES (Integration by SUBSTITUTION)
COMPUTING ANTI-DERIVATIVES (Integration by SUBSTITUTION)COMPUTING ANTI-DERIVATIVES (Integration by SUBSTITUTION)
COMPUTING ANTI-DERIVATIVES (Integration by SUBSTITUTION)
 

هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and countermeasures

  • 1. Present by : M. M. Ahmadian Supervisor: Dr. Shahriari May 2014 Databases hacking, safeguards and countermeasures Case study : Oracle & SQL server malwares In the name of Allah Home page : www.mmAhmadian.ir/ Weblog : ahmadian.blog.ir
  • 2. 1.Introduction 2.How databases are hacked? 3.Top Ten Database Security Threats 4.SQL Server malwares • Cblade • Spida • Slammer 5.Oracle rootkits 6.Conclusion 7.References 2 Overview www.mmAhmadian.ir/
  • 3. • Databases have the highest rate of breaches among all business assets. • according to the 2012 Verizon Data Breach Report. • 96% of breached are from databases. • databases are at the heart of any organization, storing customer records and other confidential business data. But How are databases so vulnerable to breaches? 3 Introduction to Database Security [1] www.mmAhmadian.ir/
  • 4. 4 How much personal data worth?[1] www.mmAhmadian.ir/
  • 6.  Password guessing / bruteforcing  Passwords and data sniffed over the network • If encryption is not used, passwords and data can be sniffed.  Exploiting misconfigurations • Some database servers are open by default  . Exploiting known/unknown vulnerabilities • Buffer overflows. • SQL Injection. • Etc.  Exploiting SQL Injection on web applications • This is one of the easiest and preferred method that criminals use to steal sensitive information such as credit cards, social security numbers, customer information, etc.  Stealing disks and backup data.  If data files and backed up data are not encrypted, once stolen data can be compromised.  Insiders are a major threat • If they can log in then they can hack the database. 6 How databases are hacked? [2,3] www.mmAhmadian.ir/
  • 7.  Malwares • By email, p2p, IM, CD, DVD, etc. • Once executed • Get database servers and login info • configure connections, Sniffing, etc. • Connect to database servers (try default accounts if necessary). • Steal data (run 0day and install rootkit if necessary). • Find next target • Looking at linked servers/databases. • Looking at connections. • Sniffing. • Send encrypted data back to attacker by email, HTTPS, covert channel, etc.  Installing a rootkit/backdoor • Actions and database objects can be hidden. • Designed to steal data and send it to attacker and/or to give the attacker stealth and unrestricted access at any given time. 7 How databases are hacked?(cons.) www.mmAhmadian.ir/
  • 8. 8 How databases are hacked?(cons.)
  • 9. 9 Top Ten Database Security Threats: 2010 vs. 2013[1] www.mmAhmadian.ir/
  • 10.  Cbalde  dnsservice.exe Worm  2001-2003  First MS SQL Server worm.  With 3 versions 10 SQL server malwares : Cbalde[5] www.mmAhmadian.ir/
  • 11. 11 SQL malwares : Cbalde diagram www.mmAhmadian.ir/
  • 12. 12 • Update current antivirus software programs • Force DBA to change the default configuration. • Restrict access to port 1433 . SQL server malwares : Cbalde[5] www.mmAhmadian.ir/
  • 13. 13 • Install Patches • The Aladdin Virus Alert for Win32.Cblade.a is available at the following link: Virus Alert. The March 2, 2003, virus definitions are available at the following link: Aladdin • The Aladdin Virus Alert for Win32.Cblade.b is available at the following link: Virus Alert. The March 2, 2003, virus definitions are available at the following link: Aladdin • The Computer Associates Virus Threat for Win32.SQL, as well as the signature and engine information, is available at the following link: Computer Associates • The F-Secure Virus Description for SQL Worm is available at the following link: Virus Description. The November 24, 2001, and later definition updates are available at the following link: F-Secure • … SQL server malwares : Cbalde[5] www.mmAhmadian.ir/
  • 14.  Spida MS SQL Server worm.  Second MS SQL Server worm.  2002  Exploit blank sa password.  Platforms Affected:  Microsoft SQL Server  Microsoft Windows 2000  Microsoft Windows 2003 Server  Microsoft Windows NT 4.0  Microsoft Windows XP  MSRC bad days.  MS released 12 security bulletins related to SQL Server and SP3 is released.  2 remotely exploitable vulnerabilities.  Worst MS SQL Server year. 14 MS SQL malwares : Spida [5] www.mmAhmadian.ir/
  • 15. 15 MS SQL malwares : Spida [5] www.mmAhmadian.ir/
  • 16. 16 MS SQL malwares : Spida Safeguards [5] www.mmAhmadian.ir/
  • 17.  Slammer/Sapphire Worm  Third MS SQL Server worm.  2003  The worm was based on proof of concept code demonstrated at the Black Hat Briefings by David Litchfield[3]  Sapphire's spreading strategy is based on random scanning, like Code Red. [2]  Exploits UDP port 1434 buffer overflow.  A patch had been available from Microsoft for six months prior to the worm's launch, but many installations had not been patched – including many at Microsoft[5]  because the SQL Slammer worm was so small in size, sometimes it was able to get through when legitimate traffic was not. [2] 17 MS SQL malwares : Slammer [2,3,4,8] www.mmAhmadian.ir/
  • 18. more than 90% of vulnerable hosts within 10 minutes![4] 18 What a Propagation ?! MS SQL malwares : Slammer [2,3,4,8] www.mmAhmadian.ir/
  • 19. 19 1. Get inside • masquerades as a single UDP packet • The first byte in the string is “04” • name be at most 16 bytes long and end in “00” • ssnetlib.dll : SQL Server Resolution Service 2. Reprogram the Machine • after opening Slammer's too-long UDP "request" is overwrite its own stack with new instructions that Slammer has disguised as a routine query 3. Choose Victims at Random • targeting another computer that could be anywhere on the Internet. 4. Replicate • Slammer points to its own code as the data to send. 5. Repeat MS SQL malwares : Slammer Steps [2] www.mmAhmadian.ir/
  • 20. • Outcame • overwhelmed the network with its scanning • denial of service by flooding the network. • it shut down • Bank of America Corp. • ATMs • cancellation of airline flights • blacked out an emergency call center in Seattle. • Safeguard • . Before one hooks up a computer, one should define its function and the services necessary to perform that function. If the computer is not going to be used as a database or web server, then those programs and services should not be running. • Use of the "netstat -an" command on a Windows or Unix machine will let you know what ports are open on your machine. For example, POP3 runs on TCP port 110. If your machine is not running a POP server, this port should not be open. • Use ingress/egress filtering at firewall and/or border router to only allow access to the Internet those ports necessary on that machine for it to perform its function. 20 MS SQL malwares : Slammer [2,3,4,8]
  • 21. 21 • A rootkit is a set of tools used by an attacker after hacking a computer system that hides logins, processes, etc. It is commonly used to hide the operation of an attacker in a compromised system. Rootkits are more widespread in Operating Systems but the idea is applicable to databases too. • Operating Systems and Databases are quite similar in the architecture. • Both have • Users • Processes • Jobs • Executables • … Oracle Rootkits [6] www.mmAhmadian.ir/
  • 22. 22 If a database is a (kind of) operating system, then it is possible to migrate malware (concepts) like viruses or rootkits from the operating system world to the database world. Oracle Rootkits [6]
  • 23. 23 • Implementing an Oracle Database Rootkit then a backdoor:  PL/SQL,  Java  or a combination of both. • Steps  PL/SQL scripts that needs to be run on the Oracle Database server with administrator privileges Run Backdoor Console Oracle Rootkits [6,7] www.mmAhmadian.ir/
  • 24. 24 • Rootkit process:  Hide Database Users  User and roles are stored together in the table SYS.USER$  Hide Processes  Processes are stored in a special view v$session located in the schema SYS  Hide Database Jobs  Oracle jobs are stored in the table SYS.JOB$ Oracle Rootkits [6,7] www.mmAhmadian.ir/
  • 26. 26 • An auditor, security consultant or security tool normally only checks the table sys.user$. But Oracle is using the table sys.aser$ containing the hidden user. Oracle Rootkits [6,7] www.mmAhmadian.ir/
  • 27. 27 • Steps  PL/SQL scripts that needs to be run on the Oracle Database server with administrator privileges  Run Backdoor Console Oracle Rootkits [6,7] www.mmAhmadian.ir/
  • 28. 28
  • 29. • We briefly reviewed how databases are hacked specially with the presence of malwares. Beside all the Patches and Updates If we don't protect our databases and monitor it(Services, Protocols, Files and Directories, PortsAuditing and Logging,) sooner or later you will get hacked, this means lot of money loses and in worst case running out of business. • Oracle is a powerful database and there are many possibilities to implement database rootkits in Oracle. With these techniques an attacker (internal/external) can hide his presence in a hacked database. 29 Conclusion www.mmAhmadian.ir/
  • 30. [1] Imperva report, "Top Ten Database Threats:The Most Significant Risks and How to Mitigate Them",2014 Giuseppe Serazzi and Stefano Zanero,"Computer Virus Propagation Models" [2] Joanne Pilker,"MS SQL Slammer/Sapphire Worm",Global Information Assurance Certification Paper,SANS Institute [3] Leyden, John (6 February 2003). "Slammer: Why security benefits from proof of concept code". Register. Retrieved 2008-11-29. [4] Moore, David et al. "The Spread of the Sapphire/Slammer Worm". CAIDA (Cooperative Association for Internet Data Analysis). [5] Serazzi, Giuseppe & Zanero, Stefano (2004). "Computer Virus Propagation Models". In Calzarossa, Maria Carla & Gelenbe, Erol. Performance Tools and Applications to Networked Systems. Lecture Notes in Computer Science. Vol. 2965. pp. 26–50. [6] Kornbrust, Alexander.“Oracle Rootkits 2.0”. Black Hat 2006 USA, Las Vegas, NV. 02; Aug 06 [7] Dennis Yurichev,"Oracle RDBMS rootkits and other modifications"Blackhat 2005 . [8] "ISS Security Brief: Microsoft SQL Slammer Worm Propagation". ISSForum. 25 January 2003. Retrieved 2008-11-29. [9]X-Force (January 25, 2003). "Peace of Mind Through Integrity and Insight". Neohapsis Archives. Retrieved 2008-11-29. [10] Vern Paxson, Stuart Staniford, and Nicholas Weaver, How to 0wn the Internet in Your Spare Time, Proceedings of the 11th USENIX Security Symposium (Security '02). [11]"SQLExp SQL Server Worm Analysis". DeepSight™ Threat Management System Threat Analysis. Jan 28, 2003. 30 References www.mmAhmadian.ir/
  • 31. 31 Questions? Thanks Home page : www.mmAhmadian.ir/ Weblog : ahmadian.blog.ir