Even though I have barely touched oscanner for the last couple of years quite a few apparently still use it as a basic scanner against Oracle. Some have complained a bit about the annoying XML reporting format. Some have complained even more, mostly about the hassle of getting any of the discovered users, passwords and [...]

Unfortunately I couldn’t make Vegas this year. According to friends and the slides I have been going through it looked as if there were quite a few really good and interesting talks this year at both Blackhat and Defcon. I will be attending the first Swedish based Sec-t security conference here in Stockholm which I [...]

My presentation from the Swedish OWASP meeting the other day is now online. I spoke about SQL injection (again), efficient UNION exploitation, OOB channels and DNS-tunneling in MSSql, Oracle and MySQL. The presentation, DNS-server tool and a minimal cheat sheet can be found here. I had a great time and enjoyed meeting friends, colleagues and [...]

I made some minor adjustments and bugfixes to the 0.7 release and released 0.8. MSSQLScan should now support a graceous shutdown when doing a ctrl-break and not skip hosts when running out of sockets. Get it here.

I have released a new tool that can be used to verify password quality against several database engines. Make sure to check it out here.