Beyond xp_cmdshell

DerbyCon 7.0 - Legacy

Presented by: Alexander Leary, Scott Sutherland
Date: Friday September 22, 2017
Time: 13:00 - 13:25
Location: Stable Talks

Alexander Leary, Scott Sutherland - Beyond xp_cmdshell: Owning the Empire through SQL Server

During this presentation, we’ll cover interesting techniques for executing operating system commands through SQL Server that can be used to avoid detection and maintain persistence during red team engagements. We’ll also talk about automating attacks through PowerShell Empire and PowerUpSQL. This will include a review of command execution through custom extended stored procedures, CLR assemblies, WMI providers, R scripts, Python scripts, agent jobs, and custom OLE objects. We’ll also dig into some new integrations with PowerShell Empire. All code and slide decks will be released during the presentation.

This should be interesting to blue teamers looking for a faster way to test their detective control capabilities and red teamers looking for a practical way to avoid detection while trying to maintain access to their target environments.

Alexander Leary

Alexander Leary and Scott Sutherland conduct penetration testing, red team, and purple team engagements through NetSPI. Alexander Leary @0xbadjuju

Scott Sutherland

Scott is the author of PowerUpSQL and Alexander has contributed code to PowerUpSQL and PowerShell Empire. Scott Sutherland @_nullbind

