NetsPWN: Assessment Services

Penetration Testing – Deception through Vocabulary

Alex Crittenden

April 24, 2012

I’ve also discovered that non-security executives often seem to think that a pen test is a pen test is a pen test, and while this certainly isn’t the case (there is real skill involved in effective penetration testing, as well as the need for a solid process), what’s really frustrating is that it’s often the situation that what people call a pen test is actually a vulnerability assessment or a scan, and that drives me nuts.

Introduction to Windows Dictionary Attacks

Scott Sutherland

April 9, 2012

In nine out of ten environments at least one account is found configured with a weak password. In this blog I cover the basics of conducting dictionary attacks against Windows systems so you can find them before attackers do.

Mobile security is the new hotness

Michael Anderson

April 2, 2012

...there isn’t a technical control that can prevent a given user from installing a malicious app and accidentally compromising anything from their email to their entire corporate environment.

When Databases Attack: SQL Server Express Privilege Inheritance Issue

Scott Sutherland

September 29, 2011

By default, SQL Server Express supports a lot of great options that make it a very practical solution to many business problems. However, it also comes configured with a not so great option that could allow domain users to gain unauthorized access to SQL Server Express instances. In this blog I’ll cover what the issue is, how to attack it, and how to fix it.

Hacking with JSP Shells

Scott Sutherland

July 7, 2011

Most enterprise datacenters today house at least a few web servers that support Java Server Pages (JSP). In this blog, I’ll provide two JSP shell code examples and outline five common upload methods that can be used to get the shells onto vulnerable servers in order to execute arbitrary system commands.

When Databases Attack: Secure360

Scott Sutherland

June 6, 2011

We put together a revised version of our "When Databases Attack" presentation based on some feedback from the Bsides crowd. It includes some new SQL script examples that should be fun to play with.

Business Logic Time

abacchus

February 15, 2011

You've noticed a sudden loss in clients, and a sharp gain in the success of one of your closest competitors; the app containing all your intellectual property and sales information was owned.