Scott Behrens and I just got back from speaking about our new tool, BBQSQL, at Defcon. This was the first time speaking at Defcon for both of us and it proved to be one of the most intimidating and rewarding speaking engagements either of us have done.To give a brief recap, BBQSQL is a Blind SQL Injection Exploitation tool. It is designed for speed and versatility – things that many of the currently available tools lack. To achieve versatility, we ask the user to input a lot of details about how she would like to perform the attack. To achieve speed, we use gevent for massive concurrency and attempt to use various algorithms to speed up the guessing of character values.We also focused on writing clean code with detailed comments and thorough documentation, so you can hopefully learn everything you need to know from the github page. If you are feeling adventurous, go ahead and fork the project and we will gladly accept any pull requests. Similarly, if you run into problems or think of an awesome feature, submit an issue and we will try to be as responsive as possible.If you want to check out our slides, you can find them here.