v2.2
Powered by

# SQL server defense

By
Brian Johnson

# Defending against relay attacks from public role abuse

A 7MinSec customer reported this was an effective way to remove the ability for attackers to play games with stored procedures:

USE master;
GO

REVOKE EXECUTE ON OBJECT::dbo.xp_dirtree   FROM PUBLIC;
REVOKE EXECUTE ON OBJECT::dbo.xp_fileexist FROM PUBLIC;
REVOKE EXECUTE ON OBJECT::dbo.xp_cmdshell  FROM PUBLIC;

# Video demo