SQL Server Hacking on Scale using PowerShell

THOTCON 0x8

Presented by: Scott Sutherland
Date: Thursday May 04, 2017
Time: 14:00 - 14:20
Location: Track 2
Track: Turbo

This presentation will provide an overview of common SQL Server discovery, privilege escalation, persistence, and data targeting techniques. Techniques will be shared for escalating privileges on SQL Server and associated Active Directory domains. Finally, I'll show how PowerShell automation can be used to execute the SQL Server attacks on scale with PowerUpSQL. All scripts demonstrated during the presentation are available on GitHub. This should be useful to penetration testers and system administrators trying to gain a better understanding of their SQL Server attack surface and how it can be exploited.

Scott Sutherland

Scott is a security consultant who performs application and network penetration tests at NetSPI.

