Scott Sutherland
Scott is currently responsible for the development, and execution of network penetration testing at NetSPI. His role includes researching and developing tools, techniques, and methodologies used during network and application penetration tests. Scott has been providing IT security services to medium sized to Fortune 50 companies for over 10 years. As an active participant in the information security community, Scott also contributes technical security blog posts, whitepapers, and presentations on a regular basis through NetSPI. Published presentations can be found here. Scott's most recent project is PowerUpSQL.
May 4th, 2020
Evil SQL Client Console: Msbuild All the Things
Evil SQL Client (ESC) is an interactive .net SQL console client that supports enhanced SQL Server discovery, access, and data exfiltration capabilities.
March 27th, 2020
Linux Hacking Case Studies Part 5: Building a Vulnerable Linux Server
This blog will share how to configure your own vulnerable Linux server so you can practice building and breaking at home.
March 26th, 2020
Linux Hacking Case Studies Part 4: Sudo Horror Stories
This blog will cover different ways to approach SSH password guessing and attacking sudo applications to gain a root shell on a Linux system.
March 25th, 2020
Linux Hacking Case Studies Part 3: phpMyAdmin
This blog will walkthrough how to attack insecure phpMyAdmin configurations and world writable files to gain a root shell on a Linux system.
March 24th, 2020
Linux Hacking Case Studies Part 2: NFS
This blog will walk through how to attack insecure NFS exports and setuid configurations in order to gain a root shell on a Linux system.
March 23rd, 2020
Linux Hacking Case Studies Part 1: Rsync
This blog will walk through how to attack insecure Rsync configurations in order to gain a root shell on a Linux system.
November 18th, 2019
Analyzing DNS TXT Records to Fingerprint Online Service Providers
In this blog I’ll share a process/script that can be used to identify online service providers used by a target company through domain validation tokens stored in DNS TXT records.
November 11th, 2019
Exploiting SQL Server Global Temporary Table Race Conditions
This blog will walk through how to find and exploit SQL Server global temporary table race conditions to gain unauthorized access to data and execute code.
June 27th, 2018
Bypassing SQL Server Logon Trigger Restrictions
This shows how to bypass SQL Server logon trigger restrictions by spoofing hostnames and application names using lesser known connection string properties.