- Penetration Testing
Pentesting as a Service
- Find, validate, and fix vulnerabilities on your web, mobile, and thick applications.Find, validate, and fix vulnerabilities on your AWS, Azure, Google, and Oracle cloud infrastructures.
- Find, validate, and fix vulnerabilities on your internal, external, wireless, and host-based networks.Build a mature security program with AppSec as a Service, program assessments, and threat modeling.
- Perform red and purple team, assumed breach, ransomware, and detective control assessments.Find application security vulnerabilities earlier in your SDLC with SAST, SCR, triaging, and remediation validation.
- Resources
- Read the latest business insights from our thought leaders.Infographics, ebooks, checklists, and more.
- Vulnerability and testing insights from our technical experts.Hear from leaders in the industry.
- Security tools for everyone.Learn from NetSPI’s technical and business experts.
- Your resource for SQL Injection vulnerabilities.
-
Antti Rantasaari
Antti is both a network and application penetration testing expert. He is a resource for other team NetSPI members and has found numerous zeroday vulnerabilities. Though he started as a network penetration tester, he has become one of NetSPI’s lead application security experts and is a lead contributor to NetSPI’s repeatable web application penetration testing process. He has presented on and created a number of techniques for leveraging database technologies for penetration testing. Antti has an MS in Computer Science from the University of Helsinki in Finland and has over 8 years of computer security consulting experience.
March 14th, 2017
SQL Server Link Crawling with PowerUpSQL
Quite a while ago I wrote a blog regarding SQL Server linked servers and a few Metasploit modules to exploit misconfigured links. Using the same techniques, I wrote a few functions for Scott Sutherland’s excellent PowerUpSQL toolkit to allow linked server enumeration after initial access to a SQL Server has been obtained.
May 4th, 2015
Forcing XXE Reflection through Server Error Messages
XML External Entity (XXE) injection attacks are a simple way to extract files from a remote server via web requests. For easy use of XXE, the server response must include a reflection point that displays the injected entity (remote file) back to the client. Below is an example of a common XXE injection request and […]
April 20th, 2015
Playing with Content-Type – XXE on JSON Endpoints
Many web and mobile applications rely on web services communication for client-server interaction. Most common data formats for web services are XML, whether SOAP or RESTful, and JSON. While a web service may be programmed to use just one of them, the server may accept data formats that the developers did not anticipate. This may […]
January 26th, 2015
Decrypting MSSQL Credential Passwords
A while ago I posted a blog on how to decrypt SQL Server link passwords (https://blog.netspi.com/decrypting-mssql-database-link-server-passwords/). By using the same technique it is possible to decrypt passwords for SQL Server Credentials as well. I modified the previously released password decryption script a little, namely by just changing the location where the encrypted passwords are stored, […]
March 5th, 2014
Decrypting MSSQL Database Link Server Passwords
Extracting cleartext credentials from critical systems is always fun. While MSSQL server hashes local SQL credentials in the database, linked server credentials are stored encrypted. And if MSSQL can decrypt them, so can you using the PowerShell script released along with this blog. From the offensive point of view, this is pretty far into post […]
June 6th, 2013
SQL Server – Link… Link… Link… and Shell: How to Hack Database Links in SQL Server!
Microsoft SQL Server allows links to be created to external data sources such as other SQL servers, Oracle databases, excel spreadsheets, and so on. Due to common misconfigurations the links, or “Linked Servers”, can often be exploited to traverse database link networks, gain unauthorized access to data, and deploy shells… Introduction to SQL Server Links […]
April 22nd, 2013
Adding PowerShell to Web Shells to get Database Access
File upload vulnerabilities and web shells are not a novelty when talking about web application security. It’s not rare to see a web shell result in a full compromise of the web server. For example, Metasploit can generate uploadable web payloads that can initiate Metasploit shells. It’s also not that rare that the same web […]
Need a Quote?
Common Questions
What is Penetration Testing as a Service (PTaaS)?
PTaaS is NetSPI’s delivery model for penetration testing. It enables customers to simplify the scoping of new engagements, view their testing results in real time, orchestrate faster remediation, perform always-on continuous testing, and more - all through the Resolve™ vulnerability management and orchestration platform.
Learn More 
Why should I use NetSPI?
Your attack surface is constantly evolving. We help organizations defend against real-world attacks by being the best at simulating real-world, sophisticated adversaries with the products, services, and training we provide. Our historical testing data shows that there is simply no replacement for human-led manual deep dive testing. This level of testing finds the most severe vulnerabilities that tools will never uncover. Our proven methodology ensures that the client experience and our findings aren’t only as good as the latest tester assigned to your project. That consistency gives our customers assurance that if vulnerabilities exist, we will find them. In addition, our Resolve platform delivers automation to ensure our people spend time looking for the vulnerabilities that tools miss. We provide automated and manual testing of all aspects of an organization’s entire attack surface, including external and internal network, application, cloud, and physical security. We know how attackers think and operate, allowing us to help our customers better defend against the threats they face daily.