NetsPWN: Assessment Services
In this blog I’ll provide a practical example showing how to use the new authorization bypass and database scraper modules we created to gain unauthorized access to credit card data, social security numbers, and passwords stored in SQL Server.
READ POST
NetsPWN: Assessment Services
For those of you who couldn’t make it to AppSec USA, we’ve put together this blog to provide access to our presentation slides, metasploit modules, and demo videos we released at the conference.
READ POST
NetsPWN: Assessment Services
Unlike previous versions, SQL Server 2008 and 2012 don't provide local system administrators with database administrator rights by default. This was a great idea by Microsoft to reinforce the practices of least privilege and separation of duties. However, in spite of the fact that their heart was in the right place, it was implemented in such a way that any local administrator (or attacker) can bypass the restriction.
READ POST
NetsPWN: Assessment Services
In this blog I’ll provide a few scripts for finding sensitive data quickly in SQL Server. In the future I'll provide scripts for other attacks as well.
READ POST
NetsPWN: Assessment Services
By default, SQL Server Express supports a lot of great options that make it a very practical solution to many business problems. However, it also comes configured with a not so great option that could allow domain users to gain unauthorized access to SQL Server Express instances. In this blog I’ll cover what the issue is, how to attack it, and how to fix it.
READ POST
NetsPWN: Assessment Services
This blog will illustrate how the OSQL and SQLCMD utilities can be used by malicious users to escalate their privileges through SQL Servers and gain unauthorized access to systems and data.
READ POST
NetsPWN: Assessment Services
We put together a revised version of our "When Databases Attack" presentation based on some feedback from the Bsides crowd. It includes some new SQL script examples that should be fun to play with.
READ POST
NetsPWN: Assessment Services
This blog provides an overview of threats and entry points that are commonly leveraged by attackers to gain unauthorized access to databases and systems.
READ POST
NetsPWN: Assessment Services
Antti Rantasaari and I will be delivering our presentation “Escalating Privileges through Database Trusts” at the National OWASP AppSec conference in Irvine, CA on September 10th. We are very excited to have the opportunity to share some the of the common application and database implementation weaknesses we see in the real world.
READ POST
Solutions
Services
About NetSPI
Contact Us
Copyright ©2012 NetSPI Inc. All rights reserved