Antti Rantasaari

Sr. Director, Application Security

Antti is both a network and application penetration testing expert. He is a resource for other NetSPI team members and has found numerous zero-day vulnerabilities. Though he started as a network penetration tester, he has become one of NetSPI’s lead application security experts and is a lead contributor to NetSPI’s repeatable web application penetration testing process. He has presented on and created a number of techniques for leveraging database technologies for penetration testing. Antti has an MS in Computer Science from the University of Helsinki in Finland and has over 8 years of computer security consulting experience.

More by Antti Rantasaari

Network Pentesting

SQL Server Link Crawling with PowerUpSQL

Quite a while ago I wrote a blog regarding SQL Server linked servers and a few Metasploit modules to exploit misconfigured links. Using the same techniques, I wrote a few functions for Scott Sutherland’s excellent PowerUpSQL toolkit to allow linked server enumeration after initial access to a SQL Server has been obtained.

Web Application Pentesting

Forcing XXE Reflection through Server Error Messages

XML External Entity (XXE) injection attacks are a simple way to extract files from a remote server via web requests. For easy use of XXE, the server response must include a reflection point that displays the injected entity (remote file) back to the client.

Web Application Pentesting

Playing with Content-Type – XXE on JSON Endpoints

While a web service may be programmed to use just one of them, the server may accept data formats that the developers did not anticipate. This may result in JSON endpoints being vulnerable to XML External Entity attacks (XXE), an attack that exploits weakly configured XML parser settings on the server.

Adversary Simulation

Decrypting MSSQL Credential Passwords

It is possible to decrypt passwords for SQL Server Credentials. I modified the previously released password decryption script a little, namely by just changing the location where the encrypted passwords are stored, and released an updated PowerShell script for Credential decryption.

Adversary Simulation

Decrypting MSSQL Database Link Server Passwords

By using the same technique to decrypt SQL Server link passwords, it is possible to decrypt passwords for SQL Server Credentials as well. The previously released password decryption script has been modified and we released an updated PowerShell script for Credential decryption.

Network Pentesting

SQL Server – Link… Link… Link… and Shell: How to Hack Database Links in SQL Server!

Microsoft SQL Server allows links to be created to external data sources such as other SQL servers, Oracle databases, Excel spreadsheets, and so on. Due to common misconfigurations, the links, or “Linked Servers”, can often be exploited to traverse database link networks, gain unauthorized access to data, and deploy shells...

Network Pentesting

Adding PowerShell to Web Shells to get Database Access

File upload vulnerabilities and web shells are not a novelty when talking about web application security. It’s not rare to see a web shell result in a full compromise of the web server.
