MS SQL Server is widely used in enterprise networks. Due to its use by third-party applications, support for legacy applications and its use as a database, SQL Server is a treasure trove for attackers. It integrates within an active directory environment very well, which makes it an attractive target for abuse of features and privileges.
In this training, we will see how to attack a SQL Server, not only as an individual service but as a part of the enterprise network. We will discuss the mutual trust which SQL Server has with the domain, its users, and how linked SQL Servers can be abused. We will perform enumeration and scanning, privilege escalation and post-exploitation tasks such as domain privilege escalation, identifying juicy information, command execution, retrieving system secrets, lateral movement, persistence and more.
You will learn:
25% OFF for First 50 Only!
Register for just $149!
4 Hours of Hands-On Demo Videos!
Your Instructor - Nikhil Mittal
Nikhil Mittal has trained and spoken multiple times at conferences such as DEF CON, BlackHat, CanSecWest, Shakacon, TROOPERS, DeepSec, PHDays, Hackfest and others.
Nikhil is a hacker, infosec researcher, speaker, and enthusiast. His area of interest includes penetration testing, attack research, defense strategies and post exploitation research. He has 6+ years of experience in Penetration Testing for his clients which include many global corporate giants. He is also a member of Red teams of selected clients.
He specializes in assessing security risks at secure environments which require novel attack vectors and “out of the box” approach. He has worked extensively on using Human Interface Device in Penetration Tests and PowerShell for post exploitation. He is the creator of Kautilya, a toolkit which makes it easy to use HIDs in penetration tests and Nishang, a post-exploitation framework in PowerShell. In his spare time, Nikhil researches on new attack methodologies and updates his tools and frameworks.
Nikhil also blogs at Lab of Penetration Tester.