SQL Injection – Ryan Wendel

Ryan Wendel

My random musings on tech and whatever…

DNS Exfiltration using SQLMap in a Microsoft SQL Environment

Ryan Wendel / February 27, 2020

You may have seen my last post related to DNS exfil in a MS-SQL environment using Burp Suite’s Collaborator tool. I had mentioned that spinning up a DNS infrastructure that allows you to perform DNS exfil outside of this tool can be difficult. I was quickly notified…

Continue Reading→

DNS Exfiltration thru Blind SQL Injection in a MS-SQL Environment

DNS Exfiltration through Blind SQL Injection in a MS-SQL Environment Using Burp Collaborator

Ryan Wendel / February 20, 2020

I had an engagement the other week where I discovered a few instances of Blind SQL Injection in a .NET application with a Microsoft SQL Server (MS-SQL) back-end database system. The underlying account user had “sysadmin” privileges but due to the reservations of my client, I chose…

Continue Reading→


Ryan Wendel currently operates as a penetration testing consultant working for the Dell Secureworks Adversary Group. His primary interests and areas of expertise encompass simulating real-world attacks on web applications and external/internal networks. Outside of his interest in offensive security, Ryan enjoys taking time off to snowboard, lift weights, hike, and enjoy the many delicious craft brews the Denver, CO area has to offer.