NetSPI Blog

Gabriel Cogar

Gabriel’s primary areas of focus are web application and thick application penetration testing. He has provided security services to a variety of industries: health care, financial, education, and retail. He also contributes to the research and development of tools used by the NetSPI penetration testing team. Gabriel currently holds several certifications, including the CISSP.

Gabriel Cogar
August 15th, 2017

dataLoc: A POC Tool for Finding Payment Cards Stored in MSSQL

In this blog, I’ll be introducing dataLoc, a tool for locating payment cards in MSSQL databases without requiring the presence of keywords. dataLoc would be useful for anyone who would like to check their database for payment card numbers in unexpected places. This could include DBAs, pen-testers, auditors, and others. dataLoc Overview At its core, […]

Gabriel Cogar
August 2nd, 2017

Identifying Payment Cards at Rest – Going Beyond the Key Word Search

In this blog, I’ll be discussing an approach for locating payment card numbers stored in MSSQL databases without relying on key words for data discovery. To overcome the impracticality of pulling an entire database over the wire for advanced analysis, we’ll focus on using MSSQL’s native capability to filter out items that can’t contain cardholder […]