Browsing tag
Microsoft on Tuesday warned that it recently spotted a malicious campaign targeting SQL Servers that leverages a built-in PowerShell binary to achieve persistence on compromised systems. The intrusions, which leverage brute-force attacks as an initial compromise vector, stand out for their use of the utility “sqlps.exe,” the tech giant said in a series of tweets. […]
Microsoft is rolling out new secure enclave technology for protecting data in use. Microsoft has opened an early access program for a new range of Azure security features it calls “confidential computing”, which protects data even from staff access with access to hardware. The new service’s chief data protection enhancement is to encrypt data while […]
Recently I started playing with the awesome PowerUpSQL tool by guys at NetSPI. I was interested in the ability to attack an Active Directory (AD) environment using access to a SQL Server, that is, not leaving the database layer as long as possible. Fortunately, during a Red team engagement few weeks back, I had a […]
Recently I was given the task of performing command execution on a compromised MSSQL server with the following restrictions: No use of the xp_cmdshell stored procedure. No writing anything to disk. These restrictions matched those of a recent pentest that a member of my team, Lee Christensen (@tifkin_), was involved in. Through my research I […]