Browse archive

Latest news

The CSO perspective on healthcare security and compliance

Form-grabbing rootkit sold on underground forums

Large cyber espionage emanating from India

U.S. DOD decides iPhones and iPads can connect to its networks

Barracuda updates web application firewall

Targeted data stealing attacks using fake attachments

New Mac spyware signed with legitimate Apple Developer ID

Thoughts on the need for anonymity

IT security jobs: What's in demand and how to meet it

Hacking charge stations for electric cars

Threat Profiling Microsoft SQL Server

by David Litchfield - An NGSSoftware Insight Security Research Publication

This paper is written from the perspective of an attacker and shows typical "cursi incursi" for Microsoft SQL Server.

An attacker's location in the application space and/or the network will largely define how they would approach breaking into a SQL Server 2000 machine from a remote location. If their attacks go through SQL Injection via a web server then their 'cursus incursi' will be considerably different from those when direct access can be gained to the SQL Server. Consequently, this paper will be split into four main sections. The first section will cover attacks that do not require the attacker to have a user ID and password for the SQL Server, that is, the attacks are unauthenticated. The second section will cover those attacks that do require authentication; to succeed the user must be logged onto the SQL Server. The third section will consider those attacks that can be launched from a compromised server. The final and fourth section will touch briefly upon attacks via the web using SQL Injection.

Download the paper in PDF format here.