SQLninja denial
Stephen John Smoogen
smooge at gmail.com
Mon Nov 15 18:54:16 UTC 2010
2010/11/15 Máirín Duffy <duffy at fedoraproject.org>:
> On Mon, 2010-11-15 at 11:39 -0500, Eric "Sparks" Christensen wrote:
>> Basically we are protecting ourselves from hackers that can't build
>> from source. We are also preventing IT professionals who want to just
>> yum install a package instead of taking the time to build from source.
>
> Are there IT professionals who use SQLninja?
I know of some. In a former job, I would probably have used it if it
was required to meet the parameters of a test. In general there are at
least 4 fields that these sorts of tools are used:
1) Audit work. This is penetration testing to meet the requirements of
an audit. Does the group protect the data to easily acquired tools?
2) Red Team. This usually goes beyond audit requirements in that you
have been given a "Get out of Jail" card to see what you can acquire
and how long it takes for the "Blue Team" to respond. Usually had to
do this once a year per group.
3) Blue Team. This is where you are getting ready for a Red/Tiger team
visit and want to know how bad things are and what you need to deal
with.
4) Cleanup. System breakins will happen no matter how well you defend
your bunker. Knowing what the tools do, where they leave tracks, and
what could be affected are all needed.
The tool SQLninja does not meet the #1 type rule. It does meet 2,3,4
types as it will be on every auditors usb boot key. However for #2/#3
there are legal/financial risks that the auditor must take upon
themselves (and the management that oks such 'tests'). I am not a
lawyer and not versed on whether such risks are passable to the
distributor or not.
For #4, you run these tools in a 'cleanroom' to see what you can find
out what people are using. The attacks that sqlninja uses are not 0
day ones.. they are ones that if you pay for various licenses you can
get for nessus/metasploit/russian mob.
--
Stephen J Smoogen.
"The core skill of innovators is error recovery, not failure avoidance."
Randy Nelson, President of Pixar University.
"Let us be kind, one to another, for most of us are fighting a hard
battle." -- Ian MacLaren
More information about the advisory-board
mailing list