Monthly Archives: May 2014

I’m Speaking in Columbus June 14th

Free training, free networking and only $10 for lunch. Best you cancel your plans for June 14th and find your way to Columbus, OH.

More details can be found here:

This presentation is similar to the presentation that I delivered at SQL Saturday Detroit.

Hacking SQL Server – A Peek into the Dark Side
The best defense is a good offense. Learn how to practice hacking without going to jail or getting fired. In this presentation we’ll be demonstrating how to exploit weak SQL servers with actual tools of the penetration testing trade. You will learn why the SQL Service is a popular target on your network and how to defend against basic attacks.

Hope to see you there!


Posted by on May 29, 2014 in PASS


SQL Saturday Detroit 292 Recap

And it is all over way too soon.

I normally don’t like to whine and complain to anyone other than my wife and mom when I am sick, but man, was I sick leading up to this SQL Saturday. I picked up some kind of stomach flu, probably from Vegas the week prior at EMCWorld. The thought crossed my mind about warning people that I might be unable to make it if I got any worse. Fortunately, the sickness passed by Friday morning and I was able to muscle through.

Volunteer Coordinator

Volunteer coordinator sounds fancy but is just getting a list from the coordinator and lots of communication. I decided to use that worked well for the BSides Detroit conference I helped at the previous summer. You can sign up for free and set up task lists on different days. Then you simply paste in your list of volunteer emails and they can choose what items they want to volunteer for. Room proctors, registration desk slots and a few miscellaneous tasks added up to 38 tasks the day of the event, which was a bit of a bear to enter. Friday, I had one 3-hour task to make sure I had a list of people to help set up the rooms and stuff the bags.

Allowing the volunteers to pick their own tasks is something that I didn’t think would work out that well but actually did. It is much more efficient just to auto-pick all the slots and then do any trades later, but with the help of volunteer spot it was easy to allow them the chance to pick their own so they could attend sessions they wanted to attend. This is the second year so we had some experience on the team which helped this process go smoothly. Two days before the event, while I lay sick in agony, I filled the last 5 or so tasks.

One thing I could improve on is using the report feature they provided. I didn’t think there was one, but there is a giant button on the left side of the UI. Using my giant phablet proved to be a bit more cumbersome than I had anticipated to pull up a list of tasks to find out who was doing what. Printing off that task list and actually taking attendance first thing the day of the event is something I would recommend.


I’m writing to you today nearly a week without coffee or any other substantial form of caffeine. My mental state is surprisingly sound considering I was up to a steady 4 cups a day. I don’t usually start the caffeine intake until around 9 in the morning which was when my presentation started. I was feeling well and no headaches but I did get a couple comments that the presentation was slow at the start which may or may not be related.

I chose to try something I wasn’t sure would work out too well at the start. I showed a 4-minute video from BBC about the honey badger. Not the crazy and dated honey badger doesn’t give a crap video but one I find hilarious and shocking from BBC. It shows how honey badgers escape their confinement no matter how hard the zookeeper tries to keep them caged. I watch this and can’t help but compare hackers to honey badgers. Also, getting that camera in the pen to show how they escape is what I am trying to achieve by showing people how SQL Server is hacked. I intended to use this metaphor throughout my presentation, but I stinking forgot all about it. Oh well, better luck in Columbus :]

This was the largest room I have spoken to yet with roughly 60 people. The chalkboard was a nice addition which allowed me to illustrate the network which is something I am still working out. I was happy to find out I got the larger room because the previous year the 40 person room was completely packed. I am satisfied with how I did and am really happy to get a large majority of positive feedback and some really good advice from the attendees. My complex demos that require typing all worked and the projector didn’t have any issues so I would say I lucked out.


Even though the event was in the same place as last year, we got an upgrade in the classrooms that were available to us. They were now furnished with chalkboards, and I think we had more seating than the previous year. My session was the first of the day and then Grant Fritchey’s followed in one of the larger rooms. I was in a zombie state so I settled in to the nearest seat and vegetated for a bit. The session was titled Building a Database Deployment Pipeline and covered reasons to improve and team up database deployments with code deployments. It didn’t really get into the how, other than mention a few tools that I have heard of but am unfamiliar with.

Lunch was in another building, which gave me a chance to walk by the vendor tables. They were a bit out of the way and seemed cramped. I wonder what we may have done better in this area. Had the vendors been set up at the beginning of the day, that would have been the prime time to get most attendees passing through, but from what I hear that wasn’t the case.

I got to see David Klee’s Hitch impersonation after lunch. Not sure what happened but he had a terrible looking allergy attack. With some help from Tim Ford and Grant Fritchey he continued on with his session, “How to Argue with Your Infrastructure Admins – and Win”. I do like stories of strife, especially when they don’t involve me. I’m not sure I really got what I expected out of the session but it was enjoyable.

Grant’s session on execution plans is something every SQL Saturday needs. T-SQL and how database internals work can be explained much easier with the GUI view of a query plan. He has some really good advice on how to read query plans.

I walked in late to the T-SQL For Beginning Developers session and sat next to my wife, who is a T-SQL absolute beginner. We both felt it was a little too advanced for her. She does have a small amount of experience writing code but doesn’t have any database experience. A lot of the nuances that were covered were not that valuable to her or me. Inserts, Updates, Deletes and Selects with some joins should have been covered more. I see so many 3rd party software products that don’t take advantage of any functions because they want to support all the major database platforms. The session missed my expectations.


We were expecting a higher turnout this year because the previous year had a bit of a freak snowstorm. But the initial estimates put us a little under last year in attendance. I feel I could have done a better job promoting the event, especially at my place of employment but it just wasn’t in the cards. Overall, the event went very well and I look forward to Columbus and maybe a West Michigan event later this year.


Posted by on May 23, 2014 in PASS