Tuesday 19 November 2013

Hunting and Hacking MSSQL Servers - Published Article on PenTestMag.com

Me and my colleague wrote an article about how to pentest MSSQL end to end. As pentesters, we are always constantly researching on how to make our lives easier when performing ethical hacking engagements structurally and ensure that all possible methods are used based on methodologies such as OSSTMM.

We spent about a week browsing through the web and compile what could be done to properly assess a MSSQL server/services and sat down and test it on our testing servers (knowing that most customers do not allow us to exploit the systems).

So once we wrote the article, we send it to PenTestMag.com for review and cross our fingers hoping it will be reviewed and accepted. Fair enough, upon review, we had to elaborate, add, edit and explain the methods used so it will be easy for readers to understand and technically possible to follow on a step by step basis.

Hence, after all our hard work, it was finally accepted and a month later, it got published! So ladies and gentlemen, i present you some snapshots of the article! :)



The cover of the magazine


My Colleague and myself on the cover!

The content page


The first page of the article


The end of the article and our brief bio.


The article can be downloaded at:




No comments:

Post a Comment