YoVDO

Beyond XP Cmdshell - Owning the Empire through SQL Server

Offered By: YouTube

Tags

Conference Talks Courses Cybersecurity Courses Penetration Testing Courses Offensive Security Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore advanced SQL Server exploitation techniques in this 27-minute conference talk from Derbycon 7. Delve into topics such as attack flow, SQL audit disabling, extended stored procedures, CLR, automation procedures, agent jobs, machine learning, and file autoruns. Gain insights into cheat sheets, future research directions, Empire modules, and new techniques for leveraging SQL Server vulnerabilities. Learn how to go beyond xp_cmdshell and potentially compromise entire networks through SQL Server misconfigurations and weaknesses.

Syllabus

Intro
Attack Flow
SQL Audit
Disable Audit Controls
Extended Start Procedures
CLR
Automation Procedures
Agent Jobs
Machine Learning
File Autorun
Cheat Sheets
Future Research
Empire modules
New techniques
Summary


Related Courses

Building Geospatial Apps on Postgres, PostGIS, & Citus at Large Scale
Microsoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube