Attacking SQL Server CLR Assemblies

During this webinar we’ll review how to create, import, export, and modify CLR assemblies in SQL Server with the goal of privilege escalation, OS command execution, and persistence. Scott will also share a few PowerUpSQL functions that can be used to execute the CLR attacks on a larger scale in Active Directory environments.

Presenter

Related Resources

PowerUpSQL: A PowerShell Toolkit for Attacking SQL Server

In this blog, you’ll learn about the PowerUpSQL PowerShell module, which supports SQL Server instance discovery, auditing for weak configurations, and privilege escalation on scale. 

PowerUpSQL Module on GitHub

PowerUpSQL was designed with six objectives in mind and is intended to be used during internal penetration tests and red team engagements. However, PowerUpSQL also includes many functions that could be used by administrators to quickly inventory the SQL Servers in their ADS domain.

Attacking Modern Environments through SQL Server with PowerUpSQL

Learn about one of the open source projects from the NetSPI toolbox called PowerUpSQL. PowerUpSQL can be used to blindly inventory SQL Servers, audit them for common security misconfigurations, and exploit identified vulnerabilities during pentests and red teams operations.


Contact Us