https://hexpysya.github.io/tags/mssql/Recent content in MSSQL on bubka hacks stuffHugo -- gohugo.ioen-usTue, 10 Mar 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-bluesky-ransomware/Tue, 10 Mar 2026 00:00:00 +0000https://hexpysya.github.io/investigations/cdef-bluesky-ransomware/An attacker performed a port scan, exploited a Microsoft SQL Server via the sa account, enabled xp_cmdshell to drop and execute a base64-encoded payload, then deployed a multi-stage PowerShell toolkit to disable AV, dump NTLM hashes, perform lateral movement via SMB, and stage the BlueSky ransomware payload.