Loading…
This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Wednesday, January 28 • 3:00pm - 4:00pm
SQLViking: Pillaging your Data

Sign up or log in to save this to your schedule and see who's attending!

On every network there are is a set of highly desired assets which every pentester strives to compromise. One of those assets are databases which house sensitive information. The default settings of most databases are to communicate over unencrypted channels. Because of this, why bother attempting to compromise the database server itself when all the information you could ever want is already flying over the wire? SQLViking is a tool which takes advantage of this in two ways. The first piece, dubbed 'scout,' passively sits on a network segment logging any SQL queries it sees and and the corresponding result set. The active piece, called 'pillage,' leverages TCP injection for executing arbitrary SQL queries without credentials. SQLViking is available as a standalone python tool and can be easily loaded onto a small device with a LAN tap such as a Raspberry Pi for physical pentests. The tool is still very much in the beta testing stages and only supports the MySQL and SQL Server (Tabular Data Stream) network protocols at this time. We're also investigating ways to increase the likelihood of a successful TCP injection attack on very busy networks.

Speakers
JC

Jonn Callahan

CGI Federal
Jonn Callahan has spent the last two years rooting out web application flaws both at the source code level and dynamically. When not actively researching whatever topic has piqued his interest, he's losing money on the cryptocoin market and getting beat up by his two dogs.
avatar for Ken Toler

Ken Toler

Senior Application Security Consultant, nVisium
Ken Toler is a Senior Application Security Consultant at nVisium specializing in web application penetration testing and static analysis in Ruby, Java, and .NET. He also comes with a network security background and has worked closely with growing startups in the DC area.


Wednesday January 28, 2015 3:00pm - 4:00pm
Annenberg Community Beach House: Track 2 415 Pacific Coast Hwy, Santa Monica, CA 90402

Attendees (4)