Defcon 15

Defcon and Las Vegas was great this year. A number of great presentations, a reporter being chased out from the hotel and my friend ending up on the wall of sheep 😉 As promised I have put my updated presentation online together with the small DNS server used for the demonstration. You can find it here http://www.inspectit.se/dc15.html.

The queries in the end of the presentation are designed in order to work on both SQL Server 2000 and 2005.

As a side note something has changed in xp_dirtree in Microsoft SQL Server 2005 post SP2. Low privileged database users can still run the procedure and it performs DNS resolution, however it returns no results. An OS user being granted the exact same permissions gets the results as expected. The same applies for the xp_fileexists extended procedure.

Oh, and as always, feel free to contact me if you have any questions.

This entry was posted in cqure.net on by .

About Patrik Karlsson

Patrik Karlsson created cqure.net in 2001 as a way of assisting security professionals around the globe with the necessary tools for improving security in IT-systems. Patrik has developed all of the tools that are published on the site, he also maintains and improves them on a somewhat regular basis.