Category: Security

Homoglyphs and Code Oddities

Paul Harrison explains how homoglyphs can cause potential issues:

This article will walk through homoglyphs and a proposed type of attack that I have not yet seen in the wild, but I presume has occurred. Every programming language I’m aware of is impacted but I don’t know every programming language, so I’ll stick to PowerShell for the proofs of concepts below. I’ll also show code that I wrote to detect this vulnerability in PowerShell code which can be built upon to create scanners for other languages. The problems I present here can be detected if proper unit testing is in place. I don’t like writing unit tests either, but this is me Pestering you to consider adding unit testing to your pipeline.

Homoglyphs can definitely make it harder to perform code reviews and analyses, particularly when dealing with a malicious actor.


Failure to Write to the Security Event Log

Sean Gallardy files events to the circular file:

Getting back on track instead of listening to me complain, many DBAs and internal security folks like writing to the Windows Security Event Log because the word security is in the name and they have some tool like Splunk that automatically collects these details. I like automation, so that’s a nice win. However, you may be running into SQL Server error 33204, which is a failure to write an audit event to the security event log.

Read on to find one reason why this might happen.


Setting PowerShell’s TLS Version

Frank Gill updates TLS:

I was recently working on a client server and needed to install the Az PowerShell module. I opened an administrator window and typed

Install-Module Az

and received this error:

WARNING: Unable to find module repositories.

Turns out that was not the real answer. Click through to see what Frank ended up needing to do.


Creating a Trust between On-Prem AD and AWS Directory Service

Tom Collins makes a connection:

Most SQL Servers use a large portion of the authentication as Windows Authentication – utilising Kerberos and NTLM protocols via Active Directory. So when it comes to considering moving on-prem SQL Server resources to Cloud Providers – Active Directory is a foundational question. There are other methods than Microsoft Directory – which I’ll discuss in future posts.

Utilising AWS RDS SQL Server with Windows Authentication methods is only possible using the AWS Directory Service, i.e. the AWS RDS SQL Server is created and added as a resource to the AWS Directory Service. If on-prem users require access to the AWS RDS SQL Server via Kerberos, a forest trust is required between the AWS Directory Service and the on-prem AD.

For this post – the focus is on an existing on-premises SQL Server inventory using Microsoft Active Directory Services.

Read on to see what you’d need to do to implement this.


Working with SIDs in PowerShell

Jeffery Hicks translates security identifiers:

As usually happens during my day, I get sidetracked to another issue, and before you know it, I have a new PowerShell tool. In this instance, I was looking at event logs using Get-WinEvent. One of the event record properties is a UserID.

That’s very nice, but who is this? In this particular instance, the UserID property is a SecurityIdentifier object.

Read on to see how to translate a SecurityIdentifier into something human-understandable.


Stringing Azure Data Factory between VNets

Ahmed Mahmoud performs networking wizardry:

Customer wants to connect Azure Data Factory on one subscription to an Azure SQL Server on Virtual Machine (SQL VM) on another subscription. Check out the architecture diagram below for more clarification.

Click through for that diagram as well as the process. And between VNet peering and Private Link, I believe (but could be wrong in saying) the traffic would never leave Azure-hosted machines even when it transits between subscriptions.


Database Offline Works but Online Permissions Failure

David Alcock unravels a mystery:

I was browsing the SQL Server subreddit earlier where someone had posted a problem where they’d been able to take a database offline but couldn’t bring the database back online via a script or the UI in SSMS (full thread here).

There’s a bit of a back story; all the DBAs have left the business (facepalm) so a non-DBA has been left with the admin type tasks. Secondly, the reason the database was being taken offline was to take physical backups of the database’s mdf and ldf files (double facepalm).

That is its own issue but read on for the problem at hand.


Restoring a TDE-Enabled Database Backup to another SQL Server

Tom Collins has a backup to restore:

I have a SQL Server with TDE enabled and the user databases are TDE configured. I need to take a backup and restore the TDE enabled database to another SQL Server Instance. Could you take me through the steps including prerequisites?

The answer is yes. And Tom is so kind as to show the answer rather than giving a flippant response, which is my modus operandi.


Authenticating with s5cmd

Anthony Nocentino has the need for speed. And authentication:

At work, I get to work with some fantastic tech that pushes the boundaries of performance. I needed to do some performance testing from a Windows server into a FlashBlade using s3. I reached out to a colleague of mine, Joshua Robinson, who told me about s5cmd. s5cmd is a very fast, parallel s3 compatible command-line client.

Check out Joshua’s post for some performance numbers. Here’s a direct quote from his post.

But it doesn’t matter how fast it is if you can’t connect, so Anthony shows us how to do just that.
