Monday, June 25, 2007

Reflection on Cesar Cerrudo


This week on Reflection we have someone who has done a lot of database research, published several advisories, and presented at Black Hat, CanSecWest and other conferences on database security. Cesar Cerrudo works for his own company, Argeniss, and has contributed a lot to making some of the databases in use today more secure. He has also identified many vulnerabilities in Microsoft Windows, Microsoft Commerce Server and other products. He is passionate about application security and a big believer in the open source community, both for software and for books. Cesar shares his journey with application security in his own words:

"I think I always have had a "hacker mind", for calling it in some way. I remember being a child and breaking things to look inside. When I was 10 or so I got my first computer, a CZ Spectrum (I don't remember the exact model), but it ran BASIC. When I wanted to learn how to use it and to code in BASIC, I went to a place for kids but got bored after many days of being taught PRINT "HOLA MUNDO" only, so I used that computer for games (games were stored on an audio cassette tape and loading them required playing it in a cassette player). I learnt a few tricks looking at the guy from a store that recorded games, so I started to modify screens while the games were loading; I also hacked multilevel games by loading parts of one level and the rest from a different level, which for my age was a big deal. After a couple of years I stopped using that computer and I didn't do anything computer related for several years apart from taking a few boring classes on MS DOS, QPRO, Lotus, etc. When I was 19 I started to study Computer Science but I didn't have a PC (they were a bit expensive on this side of planet Earth), so I only read old books available at the university and played with a friend's computer. In those days the challenge was to try running cool games on old computers; I became an expert in MS DOS :)

I remember one day being very excited because I found the assembly code of an MS DOS virus on one of the PCs at the university. I spent several hours with an old assembly book (thanks Norton-Socha!) until I learnt how the virus worked (in the process I learnt some x86 assembler without coding it on a PC). After some time I started to work on client/server software for a couple of different local companies, and one of the companies had Internet access, so I started using the Internet, and since I always liked hacking, the Internet was a really good source of information, so I started to learn something about hacking for the first time. I was lucky since I had a good academic background in programming, computers, etc., so I didn't end up reading and learning stupid things, but because I had an old PC and no Internet access at home I couldn't test much of the stuff I learnt. Then I took up a new job where I started using the Internet frequently and started trying things in my free time; this was like 7 years ago and that was when I started with webappsec. I had worked a lot with MS SQL Server, so when I first read about SQL Injection I was really amazed by it and I started to create my own techniques, tools, etc.

That's when I started to play with MS SQL Server, and after some time I found my first vulnerability, then the next one and so on, until I realized I had found dozens of vulnerabilities in MS SQL Server. I also learnt how to code exploits and new techniques for finding vulnerabilities; since then I have found several vulnerabilities in MS Windows, Oracle Database Server, etc. I have also created new exploitation and attack techniques. A few years ago I designed and wrote a complete web application scanner for a security company; the scanner at that time was better than other available web app scanners, but because of some patent issues the product stopped being sold (hurray for Watchfire!!!). Currently I do research on application security, mostly focused on database security, and in my spare time I like to hack MS Windows :)

I always try to keep big vendors improving on security; I don't care if I have to publish 0day vulnerabilities or controversial papers in order to accomplish that. I have been offered to write books, but the only way I can write or contribute to a book is if it will be available for free in some way (electronic, etc.). I know what it is not to have resources for learning; all people should have easy access to knowledge. Books only make money for the editors, and people without money can't get them."


Based out of Parana, Entre Rios, Argentina, Cesar is 31 years old. Below is a list of his contributions to the community.


Articles:-

Hacking databases for owning your data
http://www.argeniss.com/research/HackingDatabases.zip

Practical security audit: Oracle case
http://www.argeniss.com/research/10MinSecAudit.zip

WLSI-Windows Local Shellcode Injection
http://www.argeniss.com/research/WLSI.zip

Story of a dumb patch
http://www.argeniss.com/research/MSBugPaper.pdf

Demystifying MS SQL Server & Oracle Database Server security
http://www.argeniss.com/research/SQL-Oracle.zip

Hacking Windows Internals
http://www.argeniss.com/research/hackwininter.zip

Auditing ActiveX Controls
http://www.blackhat.com/presentations/win-usa-04/bh-win-04-cerrudo/bh-win-04-cerrudo.pdf

Hunting Flaws in SQL Server
http://www.appsecinc.com/presentations/Hunting_Flaws_in_SQL_Server.pdf

Manipulating Microsoft SQL Server Using SQL Injection
http://www.appsecinc.com/presentations/Manipulating_SQL_Server_Using_SQL_Injection.pdf


Tools written by him:-

DataThief
http://www.argeniss.com/research/HackingDatabases.zip

Shared section tools
http://www.argeniss.com/research/hackwininter.zip


Contributions:-

WASC - Web Security Threat Classification


Advisories

Microsoft Windows Kernel GDI local privilege escalation procedure
http://www.argeniss.com/research/ARGENISS-ADV-110604.txt
http://www.argeniss.com/research/GDIKernelPoC.c

Oracle Database Server Directory traversal
http://www.argeniss.com/research/ARGENISS-ADV-030501.txt

COM+ Vulnerability
http://www.microsoft.com/technet/security/Bulletin/MS05-051.mspx

COM Structured Storage Vulnerability
http://www.microsoft.com/technet/security/bulletin/MS05-012.mspx
http://www.argeniss.com/research/SSExploit.c

Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege
http://www.microsoft.com/technet/security/bulletin/MS04-044.mspx

Vulnerability in Windows LSASS Could Allow Elevation of Privilege
http://www.microsoft.com/technet/security/bulletin/MS04-044.mspx

Multiple vulnerabilities in Oracle Database Server
http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf

Vulnerability in Utility Manager Could Allow Code Execution
http://www.microsoft.com/technet/security/bulletin/MS04-019.mspx

Utility Manager Vulnerability
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx

Biztalk Server Vulnerabilities
http://www.microsoft.com/technet/security/bulletin/MS03-016.asp

Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution
http://www.microsoft.com/technet/security/Bulletin/MS03-042.mspx

Symantec Security Check RuFSI ActiveX Control Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/8008

Yahoo! Chat and Messenger Hostname Buffer Overflow Vulnerability
http://secunia.com/advisories/8924/

Multiple buffer overflows in DBCC and SQL Injections
http://www.appsecinc.com/resources/alerts/mssql/02-0011.shtml

BULK INSERT buffer overflow
http://www.appsecinc.com/resources/alerts/mssql/02-0010.shtml

Encoded password written by service pack
http://www.appsecinc.com/resources/alerts/mssql/02-0009.shtml

Microsoft SQL Server: Buffer Overflows in numerous extended stored procedures
http://www.appsecinc.com/resources/alerts/mssql/02-0000.html

xp_dirtree Buffer Overflow
http://www.appsecinc.com/resources/alerts/mssql/02-0007.shtml

Heterogeneous Queries Buffer Overflow
http://www.appsecinc.com/resources/alerts/mssql/02-0008.shtml


Conferences:-

Hacking databases for owning your data - Black Hat Europe 2007
http://www.blackhat.com/

Practical security audit: Oracle case - Black Hat DC 2007
http://www.blackhat.com/

DataTheft - How databases are hacked and how to protect them - No cON Name 2006
http://www.noconname.org/

WLSI - Windows Local Shellcode Injection - Black Hat Europe 2006
http://www.blackhat.com/

WLSI - Windows Local Shellcode Injection - EUSecWest/core06 conference
http://www.eusecwest.com/

Database Hacking and Security - Web Application Security and Hacking
http://www.websec.com.mx/

Demystifying Microsoft SQL Server & Oracle Database Server security - Black Hat USA 2005
http://www.blackhat.com/

Hacking Windows Internals - cansecwest/core05 conference
http://www.cansecwest.com/

Hacking Windows Internals - Bellua Cyber Security Asia 2005
www.bellua.com/bcs2005/

Hacking Windows Internals - Black Hat Europe 2005
http://www.blackhat.com/

Auditing ActiveX Controls - Black Hat Windows 2004
http://www.blackhat.com/

Hunting Flaws in MS SQL Server - Black Hat Windows 2003
http://www.blackhat.com/


Company working for:-

Argeniss


Companies worked for:-

Application Security Inc.


Website:-

http://www.argeniss.com/


Email:-

Cesar<(at)>argeniss<(.)>com


Education:-

Analyst programmer


Cesar is very driven and passionate about application security, and one of the best in database security. Though he doesn't have a blog right now, you can get all the information on his website, along with the whitepapers and the latest on database security.

Last Week – Alex Stamos

Next Week – Dinis Cruz
