Enterprise Security: The wood for the trees?

We have been talking a fair bit over the past few years on what we consider to be some of the big, hidden challenges of information security [1][2][3]. We figured it would be useful to highlight one of them in particular: focusing on the right things. As infosec creeps past its teenage years we’ve found ourselves with a number of accepted truths and best practices. These were well intentioned and may hold some value (to some orgs), but can often

Continue Reading

Stripping encryption from Microsoft SQL Server authentication

“Communication flow in the TDS 4.2 protocol” [msdn] Our recent PyConZA talk had several examples of why Python is often an easy choice of language for us to quickly try things out. One example came from looking at network traffic of a client authenticating with Microsoft SQL Server (in order to simulate the server later). By default, we can’t see what the authentication protocol looks like on the wire because the traffic is encrypted. This post is a brief account

Continue Reading

Site Footer

Authored with 💚 by Thinkst