I finally got to publishing a tool, which due to a number of reasons, has not happened for quite some time now. The MSSQLScan tool scans for Microsoft SQL Server *surprise*. It does so by using UDP which means that it can either discover servers by hitting a broadcast address or by querying each and [...]

I attended the T2 security conference last Friday where I presented a talk on SQL injection and out-of-band channelling. Unfortunately I wasn’t able to stay for the whole conference but the talks I attended were very good. Make sure to check it out next year. Hopefully, I will have a chance to publish my updated [...]