Defcon and Las Vegas was great this year. A number of great presentations, a reporter being chased out from the hotel and my friend ending up on the wall of sheep 😉 As promised I have put my updated presentation online together with the small DNS server used for the demonstration. You can find it here http://www.inspectit.se/dc15.html.
The queries in the end of the presentation are designed in order to work on both SQL Server 2000 and 2005.
As a side note something has changed in xp_dirtree in Microsoft SQL Server 2005 post SP2. Low privileged database users can still run the procedure and it performs DNS resolution, however it returns no results. An OS user being granted the exact same permissions gets the results as expected. The same applies for the xp_fileexists extended procedure.
Oh, and as always, feel free to contact me if you have any questions.