Hacking SQL servers is fun. Early this year, I blogged about hacking SQL servers without a password. I used Ettercap to perform a man-in-the-middle attack between a Microsoft SQL server and client. Using Ettercap filters I showed how you can replace a SQL query with...
System hardening is important. Keeping systems in a hardened state is equally important. Good hardening should not only including keeping all the patches up-to-date, but also disabling all unnecessary services. The services that are necessary, must to be configured...
During a recent penetration test, I was hacking away at some packet captures and noticed unencrypted Microsoft SQL Server (MSSQL) traffic. The syntax was unmistakable. At first, I thought this might be a way to capture some authentication credentials. However, MSSQL...
Sometimes when performing a penetration test there are no obvious vulnerabilities. The automated scans return nothing critical. Where most testers might give up, at Anitian, we like to keep going and dig a little deeper. Recently, I was performing a web application...
The curriculum of business schools are filled with case studies of companies that took short cuts to become competitive and accomplished the exact opposite. For the information security world, there is a similar “penny-wise, pound-foolish” behavior in the notorious...
In my travels as a consulting network engineer, I frequently encounter system and network administrators who have never heard of Nmap. This surprises me since Nmap has been around a very long time and used everywhere. Nmap is one of the tools I use most frequently....
