Create C2 Native Auditing for SQL Server

Audit Trace Procedure _____________________ 1. Enable C2 Auditing from DB Options. 2. Restart SQL Server. 3. Check Location of Audit Logs in MSSQL folder in C:\ 4. Create AuditDB database with log and datafile in location D:\ 5. Create temp_trc table in AUDITDB database using below command : use auditdb SELECT IDENTITY(int, 1, 1) AS … Continue reading Create C2 Native Auditing for SQL Server

Advertisements

Install SQL Server 2019 on Docker

Shadabs-MacBook-Pro-2:~ shadab:~$ sudo docker pull mcr.microsoft.com/mssql/server:2019-CTP2.1-ubuntu 2019-CTP2.1-ubuntu: Pulling from mssql/server Status: Downloaded newer image for mcr.microsoft.com/mssql/server:2019-CTP2.1-ubuntu Check the new image: Shadabs-MacBook-Pro-2:~ shadab:~$ sudo docker images REPOSITORY TAG IMAGE ID CREATED SIZE mcr.microsoft.com/mssql/server 2019-CTP2.1-ubuntu 25b86ffb3a95 3 weeks ago 1.71GB Docker container: Shadabs-MacBook-Pro-2:~ shadab:~$ sudo docker run -e 'ACCEPT_EULA=Y' -e 'SA_PASSWORD=P@ssw0rd123$#' \ > -p 1433:1433 --name sqlserver19 … Continue reading Install SQL Server 2019 on Docker

Microsoft SQL Server Clustering – Advanced Interview Questions

A very good list of SQL Server Advanced Interview Questions on Clustering   SQL interview questions & answers on SQL Server Failover Clusters - I https://www.sqlshack.com/sql-interview-questions-answers-on-sql-server-failover-clusters-i/   SQL interview questions & answers on SQL Server Failover Clusters – II https://www.sqlshack.com/sql-interview-questions-answers-on-sql-server-failover-clusters-ii/

Enable TDE (Transparent Data Encryption) for SQL Server 2016

Transparent Data Encryption is a encryption method for encrypting database files at rest. This method is native to the DB engine and is one of the most best methods to encrypt your data files to ensure performance doesn't take a hit. SQL Server and Oracle both support TDE natively on its database engine. Now let … Continue reading Enable TDE (Transparent Data Encryption) for SQL Server 2016

APEX Basic REST authentication

Christoph's 2 Oracle Cents

To prevent unauthorized access to your REST modules, APEX provides an easy, declarative way of adding basic authentication. This method utilizes APEX user accounts and RESTful Service Privileges. In order not to expose passwords, you should make sure to enable SSL/HTTPS!

First edit an existing APEX user account, and add the RESTful Services group to that user.  In our example we’ll edit the APEX user SCOTT. To do this, navigate to Manage Users and Groups in the workspace where your REST modules are, edit a user, and assign the group in the Group Assignments region:

group_assignment

Next create the RESTful Service Privilege by navigating to RESTful Services in the SQL Workshop. In the Tasks sidebar on the right, click the RESTful Service Privilege link.

rsvc_priv

Fill out the form and select the modules you want to protect, by shuttling them to the right in Protected Modules.

rsvc_details

That’s it! Everything under the…

View original post 50 more words

PowerUpSQL: A PowerShell Toolkit for Discovering SQL Server Vulnerabilties

PowerUpSQL is an amazing tool to audit your SQL Server instances. Not only does it do discovery of SQL Server on your AD but can also help identify common SQL Server vulnerabilities. It can be download from below 2 links https://github.com/NetSPI/PowerUpSQL https://www.powershellgallery.com/packages/PowerUpSQL/ For More information on how to user PowerUpSQL goto below link: https://blog.netspi.com/powerupsql-powershell-toolkit-attacking-sql-server/

Powershell – Part 4 – Arrays and For Loops

Tome's Land of IT

Arrays

For those that have never worked with arrays here’s a great way to understand them:  If a variable is a piece of paper then the stack of papers is an array.  It’s a list of variables or objects, and every programming/scripting language has ways to store these variables or objects linearly so you can access them later via a number of different methods.

So let’s look at how we can create an array of string objects in powershell:

$array = @("test1", "test2", "test3")$array

You can also add an element to the end of an array:

$array = @("test1", "test2", "test3")$array += "test4"$array

You can also add arrays together:

$array = @("test1", "test2", "test3")
$array2 = @("test4", "test5")
$array = $array + $array2
$array

You can access an element of an array if you know the index number of the element you want.  Arrays are indexed by…

View original post 642 more words