Scott Sutherland
Scott is currently responsible for the development, and execution of network penetration testing at NetSPI. His role includes researching and developing tools, techniques, and methodologies used during network and application penetration tests. Scott has been providing IT security services to medium sized to Fortune 50 companies for over 10 years. As an active participant in the information security community, Scott also contributes technical security blog posts, whitepapers, and presentations on a regular basis through NetSPI. Published presentations can be found here. Scott's most recent project is PowerUpSQL.
July 13th, 2017
Attacking SQL Server CLR Assemblies
In this blog, I’ll be expanding on the CLR assembly attacks developed by Lee Christensen and covered in Nathan Kirk’s CLR blog series. I’ll review how to create, import, export, and modify CLR assemblies in SQL Server with the goal of privilege escalation, OS command execution, and persistence. I’ll also share a few new PowerUpSQL […]
May 23rd, 2017
How to get SQL Server Sysadmin Privileges as a Local Admin with PowerUpSQL
In this blog I outline common techniques that can be used to leverage the SQL Server service account to escalate privileges from a local administrator to a SQL Server sysadmin (DBA).
October 11th, 2016
Common Red Team Techniques vs Blue Team Controls Infographic
In this blog, I’ll share an infographic that illustrates some common red team attack workflows and blue team controls. I’ll also include some basic red & blue team tips.
August 5th, 2016
Establishing Registry Persistence via SQL Server with PowerUpSQL
In this blog I’ll show how to use PowerUpSQL to establish persistence (backdoor) via the Windows registry through SQL Server. I’ll also provide a brief overview of the xp_regwrite stored procedure. This should be interesting to pentesters and red teamers interested in some alternative ways to access the OS through SQL Server. An overview of […]
August 4th, 2016
Get Windows Auto Login Passwords via SQL Server with PowerUpSQL
In this blog I’ll show how to use PowerUpSQL to dump Windows auto login passwords through SQL Server via xp_regread.
August 2nd, 2016
Finding Weak Passwords for Domain SQL Servers on Scale using PowerUpSQL
We’ll cover how to use PowerUpSQL to quickly identify SQL logins configured with weak passwords on domain SQL Servers using a standard domain account.
August 2nd, 2016
Finding Sensitive Data on Domain SQL Servers using PowerUpSQL
In this blog I’ll show how PowerUpSQL can be used to rapidly target and sample sensitive data stored in SQL Server databases associated with Active Directory domains.
August 1st, 2016
Blindly Discover SQL Server Instances with PowerUpSQL
In this blog I’ll show how PowerUpSQL can be used to blindly discover SQL Server instances on a system, network, or domain.
July 15th, 2016
PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server
The PowerUpSQL module supports SQL Server instance discovery, auditing for common weak configurations, and privilege escalation on scale.
