NetSPI Blog

Scott Sutherland
October 11th, 2016

Common Red Team Techniques vs Blue Team Controls Infographic

In this blog, I’ll share an infographic that illustrates some common red team attack workflows and blue team controls. I’ll also include some basic red & blue team tips.

Scott Sutherland
August 5th, 2016

Establishing Registry Persistence via SQL Server with PowerUpSQL

In this blog I’ll show how to use PowerUpSQL to establish persistence (backdoor) via the Windows registry through SQL Server. I’ll also provide a brief overview of the xp_regwrite stored procedure. This should be interesting to pentesters and red teamers interested in some alternative ways to access the OS through SQL Server. An overview of […]

Scott Sutherland
August 4th, 2016

Get Windows Auto Login Passwords via SQL Server with PowerUpSQL

In this blog I’ll show how to use PowerUpSQL to dump Windows auto login passwords through SQL Server via xp_regread.

Scott Sutherland
August 2nd, 2016

Finding Weak Passwords for Domain SQL Servers on Scale using PowerUpSQL

We’ll cover how to use PowerUpSQL to quickly identify SQL logins configured with weak passwords on domain SQL Servers using a standard domain account.

Scott Sutherland
August 2nd, 2016

Finding Sensitive Data on Domain SQL Servers using PowerUpSQL

In this blog I’ll show how PowerUpSQL can be used to rapidly target and sample sensitive data stored in SQL Server databases associated with Active Directory domains.

Scott Sutherland
August 1st, 2016

Blindly Discover SQL Server Instances with PowerUpSQL

In this blog I’ll show how PowerUpSQL can be used to blindly discover SQL Server instances on a system, network, or domain.

Karl Fosaaen
July 21st, 2016

Attacking Federated Skype for Business with PowerShell

Federated Skype for Business is a handy way to allow businesses to communicate with each other over a common instant messaging platform. From a security standpoint, the open exchange of information between businesses is a little concerning. NetSPI first started running into instances of federated Skype for Business (at that time Lync) about two years […]

Scott Sutherland
July 15th, 2016

PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server

The PowerUpSQL module supports SQL Server instance discovery, auditing for common weak configurations, and privilege escalation on scale.

Karl Fosaaen
May 3rd, 2016

Using PowerShell to Identify Federated Domains

The Economy of Mechanism – Office365 SAML assertions vulnerability popped up on my radar this week and it’s been getting a lot of attention. The short version is that you could abuse the SAML authentication mechanisms for Office365 to access any federated domain.  It’s a really serious and interesting issue that you should totally read […]