Detective Challenge

The detective challenge in the online demo is to perform a forensic investigation and identify the SQL attacks mounted against the databases.

The Challenge

The challenge is to use the Core Audit Console to detect 10 different attacks that were performed while the demo was being audited. To launch the Core Audit Console, click the button above.
Each of the databases in the demo had the same 10 attacks mounted against it with minor variations. While each database has different policies and reports, all the attacks can be found on any of the databases.
The objective of all the attacks was to compromise the sensitive tables:
  • salaries – an unauthorized read from or write to the salaries table on databases running the HRAPP (AIX-11g, Linux32-10g, Windows-11g)
  • cards – an unauthorized read from the cards table on databases running the CCAPP (Linux-11g, Solaris-10g)
The attacks were performed using different users:
  • TOM – The DBA account
  • SYS – The SYS privileged account
  • CCAPP or HRAPP – The application account
To start the challenge, open the Core Audit Web Console using the button above.

Hints & Solutions

To help locate the attacks, you can consult the Attacks Description page. This page lists the details of each attack.
For more assistance in locating the attacks, consult the Detective Guide.