Evil SQL Client Console: Msbuild All the Things
Evil SQL Client (ESC) is an interactive .net SQL console client that supports enhanced SQL Server discovery, access, and data exfiltration capabilities.
Linux Hacking Case Studies Part 5: Building a Vulnerable Linux Server
This blog will share how to configure your own vulnerable Linux server so you can practice building and breaking at home.
Linux Hacking Case Studies Part 4: Sudo Horror Stories
This blog will cover different ways to approach SSH password guessing and attacking sudo applications to gain a root shell on a Linux system.
Linux Hacking Case Studies Part 3: phpMyAdmin
This blog will walkthrough how to attack insecure phpMyAdmin configurations and world writable files to gain a root shell on a Linux system.
Linux Hacking Case Studies Part 2: NFS
This blog will walk through how to attack insecure NFS exports and setuid configurations in order to gain a root shell on a Linux system.
Linux Hacking Case Studies Part 1: Rsync
This blog will walk through how to attack insecure Rsync configurations in order to gain a root shell on a Linux system.
Analyzing DNS TXT Records to Fingerprint Online Service Providers
In this blog I’ll share a process/script that can be used to identify online service providers used by a target company through domain validation tokens stored in DNS TXT records.
Exploiting SQL Server Global Temporary Table Race Conditions
This blog will walk through how to find and exploit SQL Server global temporary table race conditions to gain unauthorized access to data and execute code.
Bypassing SQL Server Logon Trigger Restrictions
This shows how to bypass SQL Server logon trigger restrictions by spoofing hostnames and application names using lesser known connection string properties.