http://www.cqure.net/wp Tue, 19 May 2009 19:56:41 +0000 http://backend.userland.com/rss092 en ... since a while back and actually managing to post some tweets every now and then. I'm attaching a link to my profile. http://www.cqure.net/wp/2009/05/im-on-twitter/ I must say that I am somewhat surprised that people still use the smbat suite for Windows security testing. Since I am doing most Windows testing from Windows now a days I have found myself using alternative tools instead. I have recieved numerous of questions over time regarding compilation problems, the ... http://www.cqure.net/wp/2009/05/smbat-clk_tck-patch/ Even though I have barely touched oscanner for the last couple of years quite a few apparently still use it as a basic scanner against Oracle. Some have complained a bit about the annoying XML reporting format. Some have complained even more, mostly about the hassle of getting any of ... http://www.cqure.net/wp/2008/09/extracting-information-from-oscanner-reports/ Unfortunately I couldn't make Vegas this year. According to friends and the slides I have been going through it looked as if there were quite a few really good and interesting talks this year at both Blackhat and Defcon. I will be attending the first Swedish based Sec-t security conference here ... http://www.cqure.net/wp/2008/08/preparing-for-sec-t/ My presentation from the Swedish OWASP meeting the other day is now online. I spoke about SQL injection (again), efficient UNION exploitation, OOB channels and DNS-tunneling in MSSql, Oracle and MySQL. The presentation, DNS-server tool and a minimal cheat sheet can be found here. I had a great time and enjoyed meeting friends, ... http://www.cqure.net/wp/2008/05/owasp-sweden-meeting-20080527/ I made some minor adjustments and bugfixes to the 0.7 release and released 0.8. MSSQLScan should now support a graceous shutdown when doing a ctrl-break and not skip hosts when running out of sockets. Get it here. http://www.cqure.net/wp/2008/05/mssqlscan-08-released/ I have released a new tool that can be used to verify password quality against several database engines. Make sure to check it out here. http://www.cqure.net/wp/2008/05/new-tool-dbpwaudit/ I have released a new version of my MSSQLScan tool. It contains fixes for running out of sockets when scanning large networks with low timeouts and re-scheduling of unsuccesful probes. Let me know how/if it works and please send me bug reports. http://www.cqure.net/wp/2008/05/mssqlscan-version-07-released/ I have launched a new blog with "random thoughts about random things" ... The reason why I'm launching a new site when barely keeping up with this one is that I want to keep this one security oriented while the new one a bit more "random". The new blog can ... http://www.cqure.net/wp/2008/04/new-blog/ I have been experimenting with SQL-injection and information enumeration through error messages for a while. The idea was to simplify the process of extracting data so that very little application logic would be needed to perform the task. Ideally a simple 3-5 line bash-script wrapping wget or curl should do the ... http://www.cqure.net/wp/2007/11/simplifying-enumeration-by-error-messages/