What’s common in Oracle and Samsung? They tried to think differently about crypto. - László Tóth, Ferenc Spala Derbycon 2013 (Hacking Illustrated Series InfoSec Tutorial Videos)
What’s common in Oracle and Samsung? They tried to think differently about crypto. - László Tóth, Ferenc Spala
Derbycon 2013
Description: “The Android phone makers do everything to customize their devices just make sure they are different. Samsung changed something important under the hood. Samsung thinks differently about the android device encryption. In the presentation we show what Samsung changed in their flagship phones compared to vanilla android firmware. We show how you can get the clear text encryption key through adb and not just that. We cannot make a presentation without Oracle hacking, so we show how they tried to think differently and it is also crypto related.
Of course everything will be demonstrated and the tools will be released.”
Bio: “László Tóth
László has more than 10 years experience in information security (penetration testing, security audit, incident response).
As a researcher his focus is Oracle Database security. He published several research papers and tools in this subject. László is the developer of the woraauthbf tool,
which was one of the fastest Oracle password crackers at the time of its release. He also released several unique research papers about vulnerabilities of the Oracle
authentication protocols and post-exploitation techniques. His name was mentioned in several CPUs released by Oracle. You can check out the technical deepness of his
presentations at www.soonerorlater.hu:
Well received presentation at Derbycon 2.0:
Think differently about database hacking
http://www.youtube.com/watch?v=Y1KlVdV9am0
http://soonerorlater.hu/index.khtml?article_id=517
Own research results on Oracle native authentication
http://www.soonerorlater.hu/index.khtml?article_id=511
First description of the Oracle native authentication protocol of Oracle 11g
http://www.soonerorlater.hu/index.khtml?article_id=512
Worauthbf which was the fastest oracle password bruteforcer at the time of the publishing
http://www.soonerorlater.hu/index.khtml?article_id=513
Own research results on Oralce authentication downgrading and publishing the tool pytnsproxy
http://www.soonerorlater.hu/index.khtml?article_id=514
Own research results on oracle post exploitation and TDE (Transparent Database Encryption)
http://www.soonerorlater.hu/index.khtml?article_id=516
Own research result on post exploitation of oracle and oradebug
http://www.soonerorlater.hu/download/hacktivity_lt_2011_en.pdf
Spala Ferenc
Ferenc worked as a security consultant for 6 years. He gave several talks on Hungarian and
international itsec conferences and workshops. He is also the member of Hacktivity program committee.
The story of Hacktivity started in 2003 when a group of security experts were looking for a forum to
meet and share experience and has become the largest and oldest independent Hungarian ethical hacker event.
He is former blogger of a Hungarian IT security blog called “”Alice and Bob”". He reported several
vulnerabilities in different software such as IBM Cognos Business Intelligence.
Well received presentation at Derbycon 2.0:
Think differently about database hacking
http://www.youtube.com/watch?v=Y1KlVdV9am0
http://soonerorlater.hu/index.khtml?article_id=517″
Back to Derbycon 2013 video list