Gabriel Cogar
Gabriel’s primary areas of focus are web application, and thick application penetration testing. He has provided security services to a variety of industries; health care, financial, education, and retail. He also contributes to the research and development of tools used by the NetSPI penetration testing team. Gabriel currently holds several certifications, including the CISSP.
August 15th, 2017
dataLoc: A POC Tool for Finding Payment Cards Stored in MSSQL
In this blog I’ll be introducing dataLoc, a tool for locating payment cards in MSSQL databases without requiring the presence of keywords. dataLoc would be useful for anyone that would like to check their database for payment card numbers in unexpected places. This could include; DBAs, pen-testers, auditors, and others. dataLoc Overview At its core, […]
August 2nd, 2017
Identifying Payment Cards at Rest – Going Beyond the Key Word Search
In this blog, I’ll be discussing an approach for locating payment card numbers stored in MSSQL databases without relying on key words for data discovery. To overcome the impracticality of pulling an entire database over the wire for advanced analysis, we’ll focus on using MSSQL’s native capability to filter out items that can’t contain cardholder […]