Maintaining Azure Persistence via Automation Accounts
In every penetration test that involves Azure, we want to escalate our privileges up to a global administrator of the tenant. Once we’ve escalated our privileges in an Azure tenant, we want to have the ability to maintain our access to each subscription and the tenant as a whole. Aside from the benefits of controlling […]
Establishing Registry Persistence via SQL Server with PowerUpSQL
In this blog I’ll show how to use PowerUpSQL to establish persistence (backdoor) via the Windows registry through SQL Server. I’ll also provide a brief overview of the xp_regwrite stored procedure. This should be interesting to pentesters and red teamers interested in some alternative ways to access the OS through SQL Server. An overview of […]
Maintaining Persistence via SQL Server – Part 2: Triggers
In this blog, I’ll show how three types of SQL Server triggers can be abused to maintain access to Windows environments.
Maintaining Persistence via SQL Server – Part 1: Startup Stored Procedures
In this blog I show how to use SQL Server startup stored procedures to maintain access to Windows environments and share a PowerShell script to automate the attack…