Microsoft’s Latest Windows 10 (Build 14951) Released to Insiders

Windows 10 Redstone 2 build 14951 has been released to the Fast Ring of the Windows Insiders Program with photo additions, Windows Ink features, and an update for the Linux subsystem.

Windows Ink is getting enhancements for PC users as build 14951 adds stencils and a protractor tool. This release also makes it possible for users to ink within photos.

Windows Subsystem for Linux: Today we are happy to announce two large updates to WSL!

  • Official Ubuntu 16.04 support. Ubuntu 16.04 (Xenial) is installed for all new Bash on Ubuntu on Windows instances starting in build 14951.  This replaces Ubuntu 14.04 (Trusty).  Existing user instances will not be upgraded automatically.  Users on the Windows Insider program can upgrade manually from 14.04 to 16.04 using the do-release-upgrade command.
  • Windows / WSL interoperability. Users can now launch Windows binaries directly from a WSL command prompt.  This is the number one request from our users on the WSL User Voice page.  Some examples include:
$ export PATH=$PATH:/mnt/c/Windows/System32
$ notepad.exe
$ ipconfig.exe | grep IPv4 | cut -d: -f2
$ ls -la | findstr.exe foo.txt
$ cmd.exe /c dir

More information can be found on the WSL Blog and the WSL MSDN page. Other changes and more information can be found on the WSL Release Notes page.

Windows 10 ISO Download

To download the ISO media file from Microsoft, you just need an internet connection. You can get this image directly from Microsoft using this official download. You will need a genuine Windows product key for activation during or after installation, but that should be a minor issue.

As part of this ISO file offering, Microsoft has also created a relatively short checklist of what’s actually required before beginning the download:

  • Make sure you have:
    • An internet connection.
    • Sufficient data storage available on a computer, USB or external drive for the download.
    • A blank USB or DVD (and DVD burner) with at least 4 GB of space if you want to create media. Microsoft recommends using a blank USB or blank DVD, because any content on it will be deleted.
  • Check these things on the PC where you want to install Windows 10:
    • 64-bit or 32-bit processor (CPU). You’ll create either the 64-bit or 32-bit version of Windows 10 that’s appropriate for your CPU. To check this on your PC, go to PC info in PC settings or System in Control Panel, and look for System type.
    • System requirements. See the system requirements before installing Windows 10.
    • Language in Windows. You’ll need to choose the same language when you install Windows 10. To see what language you’re currently using, go to Time and language in PC settings or Region in Control Panel.
    • Edition of Windows. You should also choose the same edition of Windows. To check what edition you’re currently running, go to PC info in PC settings or System in Control Panel, and look for Windows edition.
    • Microsoft Office products. If you just purchased a new device that includes Office 365, Microsoft recommends redeeming (installing) Office before upgrading to Windows 10. If you have Office 2010 or earlier and choose to perform a clean install of Windows 10, you will need to locate your Office product key.

To start the download, visit this page.

MBRFilter helps protect against Ransomware

The Talos team at Cisco Systems has developed an open-source tool that can help protect the master boot record of Windows computers from modification by malicious attacks like ransomware. The tool is called MBRFilter, and it functions as a signed system driver that puts the disk’s sector 0 into a read-only state. It is also available for both 32-bit and 64-bit versions of Windows. The source code has also been published on GitHub.

As Cisco said:

While many ransomware families focus on the encryption of all or portions of a target system’s files others, such as Petya, rely on overwriting the contents of the Master Boot Record (MBR) to force a system reboot then only encrypt the Master File Table (MFT) of the hard drive on infected systems as a way to coerce users into paying the threat actors to retrieve the encryption keys required to decrypt their files.

To help combat ransomware that attempts to modify the MBR, Talos has released a new tool to the open source community, MBRFilter, a driver that allows the MBR to be placed into a read-only mode, preventing malicious software from writing to or modifying the contents of this section of the storage device.

A PowerShell Toolkit for Attacking SQL Server

A SQL Server offensive toolkit called PowerUpSQL is designed for attacking SQL Server instances. The PowerUpSQL module includes functions for SQL Server discovery, auditing for common configuration weaknesses, and finding privilege escalation opportunities. While it is intended to be used during penetration tests, you can also use it for red team engagements.

But don’t think of this tool as just something used to attack your servers. It also includes functions that can be used by administrators to inventory any SQL Server instances on their ADS domain.


  • Create-SQLFileXpDll
  • Get-SQLAuditDatabaseSpec
  • Get-SQLAuditServerSpec
  • Get-SQLColumn
  • Get-SQLColumnSampleData
  • Get-SQLColumnSampleDataThreaded
  • Get-SQLConnectionTest
  • Get-SQLConnectionTestThreaded
  • Get-SQLDatabase
  • Get-SQLDatabasePriv
  • Get-SQLDatabaseRole
  • Get-SQLDatabaseRoleMember
  • Get-SQLDatabaseSchema
  • Get-SQLDatabaseThreaded
  • Get-SQLDatabaseUser
  • Get-SQLFuzzDatabaseName
  • Get-SQLFuzzDomainAccount
  • Get-SQLFuzzObjectName
  • Get-SQLFuzzServerLogin
  • Get-SQLInstanceDomain
  • Get-SQLInstanceFile
  • Get-SQLInstanceLocal
  • Get-SQLInstanceScanUDP
  • Get-SQLInstanceScanUDPThreaded
  • Get-SQLQuery
  • Get-SQLQueryThreaded
  • Get-SQLServerConfiguration
  • Get-SQLServerCredential
  • Get-SQLServerInfo
  • Get-SQLServerInfoThreaded
  • Get-SQLServerLink
  • Get-SQLServerLogin
  • Get-SQLServerPriv
  • Get-SQLServerRole
  • Get-SQLServerRoleMember
  • Get-SQLServiceAccount
  • Get-SQLServiceLocal
  • Get-SQLSession
  • Get-SQLStoredProcedure
  • Get-SQLSysadminCheck
  • Get-SQLTable
  • Get-SQLTriggerDdl
  • Get-SQLTriggerDml
  • Get-SQLView
  • Invoke-SQLAudit
  • Invoke-SQLAuditPrivCreateProcedure
  • Invoke-SQLAuditPrivDbChaining
  • Invoke-SQLAuditPrivImpersonateLogin
  • Invoke-SQLAuditPrivServerLink
  • Invoke-SQLAuditPrivTrustworthy
  • Invoke-SQLAuditPrivXpDirtree
  • Invoke-SQLAuditPrivXpFileexist
  • Invoke-SQLAuditRoleDbDdlAdmin
  • Invoke-SQLAuditRoleDbOwner
  • Invoke-SQLAuditSampleDataByColumn
  • Invoke-SQLAuditWeakLoginPw
  • Invoke-SQLDumpInfo
  • Invoke-SQLEscalatePriv
  • Invoke-SQLOSCmd

PowerUpSQL was designed with six objectives in mind:

  • Easy Server Discovery: Discovery functions can be used to blindly identify local, domain, and non-domain SQL Server instances at scale.
  • Easy Server Auditing: The Invoke-SQLAudit function can be used to audit for common high impact vulnerabilities and weak configurations using the current login’s privileges. Also, Invoke-SQLDumpInfo can be used to quickly inventory databases, privileges, and other information.
  • Easy Server Exploitation: The Invoke-SQLEscalatePriv function attempts to obtain sysadmin privileges using identified vulnerabilities.
  • Scalability: Multi-threading is supported on core functions so they can be executed against many SQL Servers quickly.
  • Flexibility: PowerUpSQL functions support the PowerShell pipeline so they can be used together, and with other scripts.
  • Portability: Default .NET libraries are used and there are no dependencies on SQLPS or the SMO libraries. Functions have also been designed so they can be run independently. As a result, it’s easy to use on any Windows system with PowerShell v2 installed.

You can read more about this useful tool here.

Security Through Ignorance

Some people believe that their computer systems are more secure if the person attacking their systems doesn’t know certain facts, such as which port their SQL Server instance is using, or if the written specifications for critical software functions are not disclosed. Those people believe that if malicious attackers don’t know how the system is secured, security will be better. Although this might seem logical, it’s easy to see that it is untrue if you think about it for a few minutes. Insiders such as employees, who are behind one of the most common forms of attack, will already know the port used or how your software works.

The problem with security through ignorance is that it just leads to a false sense of security, which is usually much more dangerous than not doing anything at all. Assume you are dealing with an intelligent attacker, and that your weak half-attempts to secure your systems will delay the attacker all of about 2 minutes. Spend your time and effort on implementing true security measures and you will sleep better each night.

Perform SQL Server Object Level Recovery with Restore

SQL Server is a database management system that stores user information in tables. If a table is corrupted, you may be asked to reload the data for one table in the database without changing the contents of other tables. The obvious answer is to restore a backup copy of the database to put the database back to the state the environment was in before the corruption occurred, but the problem might be that other tables have been updated and the owners of that data don’t want to lose the good data to fix the bad data.

In SQL Server you can perform simple object level recovery by restoring a recent backup of the database to a different database server or instance, then replacing the bad data with the data from the restored database. To complete this important task you must have a good database backup. If you don’t have a backup taken before the corruption, then you cannot perform this action using this method.

Another thing to consider: if you need to support this type of activity, you must have a target server with enough free drive space to restore your backup. If your database is 1 TB in size, for example, your backup might be compressed to save space, but you will still need at least 1 TB of free space to restore a copy of your database. A lot of people don’t have that kind of free space readily available, so think about that as you write your incident recovery documentation.
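
The procedure described above, as an added T-SQL example (not code from the original post). It assumes a hypothetical database Sales with a damaged table dbo.Orders, a full backup taken before the corruption, and a linked server named RECOVERY01 on production that points at the recovery instance; all paths, logical file names and column names are placeholders.

```sql
-- === On the recovery instance =========================================
-- 1. Read the logical file names stored in the backup (needed for MOVE).
RESTORE FILELISTONLY
FROM DISK = N'R:\Backups\Sales_full.bak';          -- placeholder path

-- 2. Restore under a new database name and new file paths so that no
--    existing database or file is overwritten. The volume under
--    R:\Restore needs room for the full, uncompressed database size.
RESTORE DATABASE Sales_Recovery
FROM DISK = N'R:\Backups\Sales_full.bak'
WITH MOVE N'Sales'     TO N'R:\Restore\Sales_Recovery.mdf',  -- logical names
     MOVE N'Sales_log' TO N'R:\Restore\Sales_Recovery.ldf',  -- from step 1
     RECOVERY,
     STATS = 10;

-- 3. Confirm the restored table holds the expected data before using it.
SELECT COUNT(*) AS restored_rows, MAX(OrderDate) AS newest_order
FROM Sales_Recovery.dbo.Orders;

-- === On the production instance =======================================
USE Sales;

-- 4. Stage the good rows locally first. Doing the remote read outside
--    the transaction keeps the swap below a purely local transaction.
SELECT OrderID, CustomerID, OrderDate, Amount
INTO   dbo.Orders_restored
FROM   [RECOVERY01].Sales_Recovery.dbo.Orders;

-- 5. Keep a copy of the damaged rows for later investigation.
SELECT * INTO dbo.Orders_damaged FROM dbo.Orders;

-- 6. Replace only this table's contents; other tables are untouched.
--    XACT_ABORT rolls the whole swap back if any statement fails
--    (for example, a foreign key that still references dbo.Orders).
SET XACT_ABORT ON;
BEGIN TRANSACTION;
    DELETE FROM dbo.Orders;

    SET IDENTITY_INSERT dbo.Orders ON;   -- only if OrderID is an IDENTITY column
    INSERT INTO dbo.Orders (OrderID, CustomerID, OrderDate, Amount)
    SELECT OrderID, CustomerID, OrderDate, Amount
    FROM   dbo.Orders_restored;
    SET IDENTITY_INSERT dbo.Orders OFF;
COMMIT TRANSACTION;

-- 7. Verify, then drop dbo.Orders_restored and dbo.Orders_damaged when done.
SELECT (SELECT COUNT(*) FROM dbo.Orders)          AS live_rows,
       (SELECT COUNT(*) FROM dbo.Orders_restored) AS restored_rows;
```

Rows written to dbo.Orders after the backup was taken are not in the restored copy; dbo.Orders_damaged is where to look for any that need to be re-entered.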

Path Towards Certification

If you are an IT professional interested in network security, a certification can be helpful in demonstrating your commitment to the subject matter, regardless of your work experience. In this article by hackingloops, we get some advice on which certification you might need to look at based on the direction of your career and interests.

To succeed in any I.T. discipline, there’s three main things you need: a degree, certifications, and experience. And of those three qualifications, experience reigns king. That said, degrees and certifications certainly have their importance on a resume as well. The problem is that some young go-getters think that college degrees and certifications will propel them to the front of the job-hunting pack, and instantly gratify them with a high salary.

But that isn’t the case, because you need all three factors in order to secure a high paying job. A college degree will certainly help you qualify for better positions, whether you are studying for a Bachelors Degree or a Masters Degree. If you have the time and energy during your studies at a college or university, it would be highly advantageous for you to get a few entry level certifications under your belt (as we’ll discuss next).

If you can land an entry level job out of the gate, then the future is going to be a lot easier, because you’ll have your foot in the door and can start building up the most important qualification: experience. You don’t necessarily need certifications to land an entry level position. However, today’s job market is extremely competitive, and certifications could be the deciding factor between you and another entry level candidate.

Just remember this key distinction: certifications do not guarantee a job position or a salary. Instead, they help show employers that you’re serious enough about your career to pursue certifications on your own and they help validate your knowledge of crucial industry topics and concepts. Nevertheless, now we need to ask ourselves an important question. Where on earth should you begin your certification journey?

  • CompTIA A+ – not the most impressive certification, but a great place for newbies with little to no knowledge to start building a foundation of hardware concepts

  • CompTIA Security+ – an entry level certification that will help job seekers understand high level security concepts

  • CompTIA Network+ – like all CompTIA certifications, the Network+ is vendor neutral and serves as an introduction to networking design, operating, configuration, and more

  • CompTIA Linux+ – any competent hacker or penetration tester is going to need to know their way around Linux systems, and this cert offers introductory and foundational knowledge regarding the wide world of Linux

  • Entry Level LPI Certifications – there are many various Linux Professional Institute certifications, and they’ll look good on your resume if you need to use network mapping tools, vulnerability scanners, and similar tools from a Linux command line in real world scenarios

  • Cisco CCNA – The CCNA is typically more highly regarded than the CompTIA certifications, and serves as the first stepping stone to other Cisco certifications

  • CEH – the Certified Ethical Hacker certification is a great way for future penetration testers to build their skills, though it is a little more challenging than the CompTIA examinations