NetSPI Blog

Scott Sutherland

Scott is currently responsible for the development, and execution of network penetration testing at NetSPI. His role includes researching and developing tools, techniques, and methodologies used during network and application penetration tests. Scott has been providing IT security services to medium sized to Fortune 50 companies for over 10 years. As an active participant in the information security community, Scott also contributes technical security blog posts, whitepapers, and presentations on a regular basis through NetSPI. Published presentations can be found here. Scott's most recent project is PowerUpSQL.

Scott Sutherland
August 2nd, 2016

Finding Sensitive Data on Domain SQL Servers using PowerUpSQL

In this blog I’ll show how PowerUpSQL can be used to rapidly target and sample sensitive data stored in SQL Server databases associated with Active Directory domains.

Scott Sutherland
August 1st, 2016

Blindly Discover SQL Server Instances with PowerUpSQL

In this blog I’ll show how PowerUpSQL can be used to blindly discover SQL Server instances on a system, network, or domain.

Scott Sutherland
July 15th, 2016

PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server

The PowerUpSQL module supports SQL Server instance discovery, auditing for common weak configurations, and privilege escalation on scale.

Scott Sutherland
April 11th, 2016

Maintaining Persistence via SQL Server – Part 2: Triggers

In this blog, I’ll show how three types of SQL Server triggers can be abused to maintain access to Windows environments.

Scott Sutherland
March 7th, 2016

Maintaining Persistence via SQL Server – Part 1: Startup Stored Procedures

In this blog I show how to use SQL Server startup stored procedures to maintain access to Windows environments and share a PowerShell script to automate the attack…

Scott Sutherland
July 31st, 2015

PowerShell Remoting Cheatsheet

I have become a big fan of PowerShell Remoting. I find my self using it for both penetration testing and standard management tasks. In this blog I’ll share a basic PowerShell Remoting cheatsheet so you can too.

Scott Sutherland
July 27th, 2015

Auto-Dumping Domain Credentials using SPNs, PowerShell Remoting, and Mimikatz

In this blog I’ll cover some Mimikatz history and share my script “Invoke-MassMimikatz-PsRemoting.psm1”, which tries to expand on other people’s work.

Scott Sutherland
May 21st, 2015

A Faster Way to Identify High Risk Windows Assets

Thanks to the wonderfulness of Active Directory both red and blue teams can easily identify high risk Windows systems in their environments.

Scott Sutherland
March 16th, 2015

Hacking SQL Server Procedures – Part 4: Enumerating Domain Accounts

Introduction In SQL Server, security functions and views that allow SQL logins to enumerate domain objects should only be accessible to sysadmins. However, in this blog I’ll show how to enumerate Active Directory domain users, groups, and computers through native SQL Server functions using logins that only have the Public server role (everyone). I’ll also […]