Showing Posts About
Oracle
-
David Alves - 24 Jul 2025
Mapping Oracle’s Forgotten Pathways: Lateral Movement with ORACrawl
This article explores lateral movement in Oracle databases using chained database links - an area with little prior research or tooling. It introduces ORACrawl, a tool that automates discovery and query execution across multiple database link paths, bypassing Oracle’s constraints and enabling deeper security assessments.
- 22 Feb 2019
3D Accelerated Exploitation
The presentation explores the 3D Acceleration feature in VirtualBox as a rich vulnerability research target. Open-source accessibility makes VirtualBox attractive for novice security researchers. The talk discusses exploitation primitives within 3D Acceleration that could potentially enable virtual machine escape without traditional shellcode execution.
- 13 Jun 2018
EQL Injection (not a typo) and Oracle Endeca
EQL injection is a novel attack technique targeting Oracle Endeca search functionality in e-commerce platforms. Attackers can exploit unsecured Endeca search parameters to extract sensitive product information or perform denial of service attacks. The vulnerability stems from improper input validation in Endeca search implementations.