What’s common in Oracle and Samsung? They tried to think differently about crypto. - László Tóth, Ferenc Spala Derbycon 2013 (Hacking Illustrated Series InfoSec Tutorial Videos)


Description: “The Android phone makers do everything to customize their devices just to make sure they are different. Samsung changed something important under the hood. Samsung thinks differently about the Android device encryption. In the presentation we show what Samsung changed in their flagship phones compared to vanilla Android firmware. We show how you can get the clear text encryption key through adb and not just that. We cannot make a presentation without Oracle hacking, so we show how they tried to think differently and it is also crypto related. Of course everything will be demonstrated and the tools will be released.”

Bio: “László Tóth



László has more than 10 years of experience in information security (penetration testing, security audit, incident response). As a researcher his focus is Oracle Database security. He published several research papers and tools in this subject. László is the developer of the woraauthbf tool, which was one of the fastest Oracle password crackers at the time of its release. He also released several unique research papers about vulnerabilities of the Oracle authentication protocols and post-exploitation techniques. His name was mentioned in several CPUs released by Oracle. You can check out the technical depth of his presentations at www.soonerorlater.hu:



Well received presentation at Derbycon 2.0:

Think differently about database hacking

http://www.youtube.com/watch?v=Y1KlVdV9am0

http://soonerorlater.hu/index.khtml?article_id=517

Own research results on Oracle native authentication

http://www.soonerorlater.hu/index.khtml?article_id=511

First description of the Oracle native authentication protocol of Oracle 11g

http://www.soonerorlater.hu/index.khtml?article_id=512

woraauthbf, which was the fastest Oracle password bruteforcer at the time of publishing

http://www.soonerorlater.hu/index.khtml?article_id=513

Own research results on Oracle authentication downgrading and publishing the tool pytnsproxy

http://www.soonerorlater.hu/index.khtml?article_id=514

Own research results on Oracle post exploitation and TDE (Transparent Database Encryption)

http://www.soonerorlater.hu/index.khtml?article_id=516

Own research result on post exploitation of Oracle and oradebug



http://www.soonerorlater.hu/download/hacktivity_lt_2011_en.pdf



Spala Ferenc



Ferenc worked as a security consultant for 6 years. He gave several talks at Hungarian and international itsec conferences and workshops. He is also a member of the Hacktivity program committee. The story of Hacktivity started in 2003 when a group of security experts were looking for a forum to meet and share experience, and it has become the largest and oldest independent Hungarian ethical hacker event. He is a former blogger of a Hungarian IT security blog called “Alice and Bob”. He reported several vulnerabilities in different software such as IBM Cognos Business Intelligence.



Well received presentation at Derbycon 2.0:

Think differently about database hacking

http://www.youtube.com/watch?v=Y1KlVdV9am0

http://soonerorlater.hu/index.khtml?article_id=517”





Copyright 2014, IronGeek