How I Would Attack SQL Server
Offered By: PASS Data Community Summit via YouTube
Course Description
Overview
Explore the mindset of a motivated adversary targeting SQL Server in this conference talk from PASS Data Community Summit. Delve into traditional and non-traditional weak points, discovery methods, exploitation techniques, and cover-up strategies. Learn about compensating for unfixable weaknesses through detection and response, and understand how attackers might counter these measures. Gain insights into attack strategies like phishing, spear phishing, and SQL injection. Discover the importance of least privilege, auditing, extended events, and selective neglect in defending against attacks. Understand attacker motivations, including data extraction, sabotage, lateral movement, and system compromise. Acquire practical knowledge on securing both production and non-production environments to keep adversaries at bay.
Syllabus
Introduction
SQL Server Community
Brian Kelley
The Weak Link
Phishing
spear phishing
attack strategy
what can you do
least privilege
auditing
extended events
selective neglect
motivation
extract files
sabotage
lateral movement
compromise
how to keep you out
nonproduction
solution
SQL Injection
Taught by
PASS Data Community Summit
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network