Your SQL Server Is Handing Attackers a Map — By Default

Author: Margarita Naumova | Microsoft MVP | MCM SQL Server | Data Engineer | MCT
The Starting Point: A Login With Nothing
Imagine a login just created on your SQL Server instance (especially one with a weak password). No database access granted. No roles assigned. No permissions of any kind. Here is what it […]
Cybersecurity Lost Its Natural Language And Why Upskilling Is the Only Way to Bridge the Gap

Author: Paula Januszkiewicz, CEO of CQURE & CQURE Academy, Cybersecurity Expert, MVP & RD, MCT
Intro
Cybersecurity used to have a relatively shared vocabulary. Firewalls. Antivirus. Patching. Perimeter defense. These concepts once formed a common language understood not only by security teams, but also by IT, leadership, and even non-technical stakeholders. Security discussions were simpler, […]
Security Is Not Tools – It’s Thoughtful Decisions

If you were to describe a typical attack scenario on a company in a few steps – from the initial entry point to full infrastructure takeover – what would it look like? First, let me clarify the perception of the attack itself, as it has fundamentals we must first understand. In cybersecurity, there is still a convenient myth that […]
CQURE Hacks #77: From SQL Login to Full System Compromise

Starting from an exposed SQL Server instance, we demonstrate how weak credentials can be exploited to gain access using a brute-force attack. Once authenticated as the powerful sa account, the attack quickly escalates beyond the database. We show how an attacker can: This episode highlights how small security gaps — like weak passwords and excessive […]
CQURE Hacks #76: Evading EDR Using Signed Driver

Setting up an EDR is a good first step, but simply having it installed doesn’t mean you’re protected. Many organizations rely on default settings, assuming the tools handle everything automatically. However, modern attackers know exactly how to work around those standard configurations. If your endpoints are invisible to your security team, or if your protection rules aren’t tuned to your specific environment, you’re leaving gaps […]
CQURE Hacks #75: NTFS Forensics – Recovering Deleted Files and Analyzing MFT Records

When you remove a file in Windows, the operating system marks the space as available, but the data often stays behind. By using Sleuthkit’s fls tool and MFTECmd, we can bypass the GUI to read the Master File Table directly. This allows us to see deleted entries and even track the source URL via the Zone.Identifier stream. One of the most critical findings […]
CQURE Hacks #74: Microsoft SQL Server Privilege Escalation

We’re diving into a classic but devastatingly effective exploit path. Many organizations leave their SQL Servers vulnerable through a combination of three simple misconfigurations: a database set to “trustworthy,” an owner with sysadmin rights (like SA), and a low-privilege user with db_owner permissions. By abusing these settings, an attacker can create a stored procedure that […]
CQURE Hacks #73: Using a Malicious LNK File to Take Over Infrastructure (LNK Relay)

The scenario is straightforward: a regular domain user has WRITE permissions on a shared folder. That’s enough to plant a malicious .lnk file pointing to an attacker-controlled SMB server. The moment another user browses that share in File Explorer, the system attempts authentication automatically – and the NETNTLMv2 response is captured. From there, the path […]
CQURE Hacks #72: KQL Threat Hunting – One Query, Three Hunts

In active-duty security, time is your most valuable asset. Most hunters struggle because they try to write a brand-new query for every single alert. This creates a messy library of code that is hard to manage. Kajetan, one of our frontline experts, shows you how to use one “Base Query” as a launchpad for three […]
CQURE Hacks #71: 5 KQL tricks to speed up threat hunting

In active-duty threat hunting, time is the only currency that matters. Most IT professionals struggle with queries bogged down by excessive calculations or filtering applied far too late in the pipeline, creating a bottleneck that can obscure critical indicators of compromise. Kajetan, one of our frontline practitioners, walks through five practical techniques that immediately improve […]