In this post I talk some more about SQL Server 2025’s new PBKDF2 and demo a method to replicate it using T-SQL. Intro Back in June I wrote a post …
Tags: Security
-
Tags: Security, SQL Server
PoCs for two SQL Injection vulnerabilities fixed in SQL Server 2022 GDR KB5063814
by Vlad Drumea
In this post I demo two PoCs for SQL injection vulnerabilities fixed in SQL Server 2022 CU20 GDR KB5063814. This August’s Patch Tuesday came with a security patch for SQL …
-
In this post I explore the impact of SQL Server 2025’s PBKDF2 hashing algorithm on password cracking and compare it with SQL Server 2022. Spoiler: SQL Server 2025’s PBKDF2 hashing …
-
Tags: Security, SQL Server, Troubleshooting
What people get wrong about how SQL Server accesses files
by Vlad Drumea
In this post I clarify some misconceptions that I’ve seen regarding how SQL Server accesses files and potential file “access denied” errors. Intro: This is one of those things that’s …
-
In this post I demo and explain a few variations of basic SQL injection using PowerShell and SQL Server, while also showing how to address it. What is SQL injection? …
-
This is a brief post containing a script to grant permissions on functions and stored procedures to a database user or role in SQL Server. Every few months I end …
-
In this post I’ll cover a quick way to get access to SQL Server when you don’t have a login and don’t know the password for the SA account. I’ve …
-
In this post I’ll be covering the risks brought on by not securing SQL Server’s service account and setting it to run as a highly privileged user. SQL Server’s wealth …
-
In this post I’ll address improper linked server configurations and their potential impact, as well as recommendations for securing SQL Server linked servers. Linked servers are one of SQL Server’s …
-
In this post I cover two ways of properly securing xp_cmdshell in SQL Server to avoid unrestricted access to the underlying Windows OS. What’s xp_cmdshell? xp_cmdshell is an extended system …