How I Would Attack SQL Server
Offered By: PASS Data Community Summit via YouTube
Course Description
Overview
Explore the mindset of a motivated adversary targeting SQL Server in this conference talk from PASS Data Community Summit. Delve into traditional and non-traditional weak points, discovery methods, exploitation techniques, and cover-up strategies. Learn about compensating for unfixable weaknesses through detection and response, and understand how attackers might counter these measures. Gain insights into attack strategies like phishing, spear phishing, and SQL injection. Discover the importance of least privilege, auditing, extended events, and selective neglect in defending against attacks. Understand attacker motivations, including data extraction, sabotage, lateral movement, and system compromise. Acquire practical knowledge on securing both production and non-production environments to keep adversaries at bay.
Syllabus
Introduction
SQL Server Community
Brian Kelley
The Weak Link
Phishing
spear phishing
attack strategy
what can you do
least privilege
auditing
extended events
selective neglect
motivation
extract files
sabotage
lateral movement
compromise
how to keep you out
nonproduction
solution
SQL Injection
Taught by
PASS Data Community Summit
Related Courses
Doing More with Less - The Challenges Ahead for Every Data ProfessionalPASS Data Community Summit via YouTube Build a Modern Data Strategy and Put Your Data to Work
PASS Data Community Summit via YouTube Transform Your Data Estate
PASS Data Community Summit via YouTube Azure SQL and SQL Server 2022 - Intelligent Database Futures
PASS Data Community Summit via YouTube SQL Server in Azure Virtual Machines Reimagined
PASS Data Community Summit via YouTube