Nov
26

Impersonating The Domain Administrator via SQL Server

A recent presentation I gave for 7Safe. It demonstrates how it is possible to fully compromise the domain using a fully patched Microsoft SQL server that has a firewall enabled. Using the SQL server I impersonate the domain administrator account without any passwords or password hashes being known or extracted. It also demonstrates the risk […]

Nov
4

Top 5 Common Issues – Article

A recent article I wrote for 7Safe (November 2010). It is a management level summary of the top 5 most common ways into networks I find when conducting internal infrastructure testing. Click the image below to read the full article. Tweet

Oct
15

Real World Pen Testing Demonstration

A recent hacking presentation I gave in London for 7Safe demonstrating client side exploits, pivot attacks using Metasploit. Tweet