Monthly Archives: October 2007

MSSQLScan 0.6 release

I finally got to publishing a tool, which due to a number of reasons, has not happened for quite some time now. The MSSQLScan tool scans for Microsoft SQL Server *surprise*. It does so by using UDP which means that it can either discover servers by hitting a broadcast address or by querying each and everyone. This will make sure that you find all instances and servers that no longer use the 1433 TCP port due to dynamic port allocations.

As usual your more than welcome to provide me with feedback, suggestions or bug reports.

T2 Security Conference

I attended the T2 security conference last Friday where I presented a talk on SQL injection and out-of-band channelling. Unfortunately I wasn’t able to stay for the whole conference but the talks I attended were very good. Make sure to check it out next year. Hopefully, I will have a chance to publish my updated slides during this week.