SQL Server Hacking Tips for Active Directory Environments
Watch the second webinar in our Lunch & Learn Series below!
Where there is Active Directory, there are SQL Servers. In dynamic enterprise environments, it’s common to see both platforms suffer from misconfigurations that lead to unauthorized system and sensitive data access. During this presentation, Scott covers common ways to target, exploit, and escalate domain privileges through SQL Servers in Active Directory environments. He also shares a msbuild.exe project file that can be used as an offensive SQL Client during red team engagements when tools like PowerUpSQL are too overt.
This presentation was originally developed for the Troopers20 conference, but due to the current travel constraints we’ll be sharing it online during this webinar.
In this blog, Scott Sutherland walk through how global temporary tables work, and share some techniques that NetSPI has used to identify and exploit them in real applications.
Evil SQL Client (ESC) is an interactive .net SQL console client with enhanced SQL Server discovery, access, and data exfiltration features. This blog will provide a quick overview of the tool and provide you the code to download and use.