SQL Server Hacking Tips for Active Directory Environments

Watch the second webinar in our Lunch & Learn Series below!

Where there is Active Directory, there are SQL Servers. In dynamic enterprise environments, it’s common to see both platforms suffer from misconfigurations that lead to unauthorized system and sensitive data access. During this presentation, Scott covers common ways to target, exploit, and escalate domain privileges through SQL Servers in Active Directory environments. He also shares a msbuild.exe project file that can be used as an offensive SQL Client during red team engagements when tools like PowerUpSQL are too overt.

This presentation was originally developed for the Troopers20 conference, but due to the current travel constraints we’ll be sharing it online during this webinar.

Presenter

Related Resources

Lunch & Learn Webinar Series

The NetSPI Lunch & Learn Webinar Series is an opportunity for continued education around vulnerability management and penetration testing.

Exploiting SQL Server Global Temporary Table Race Conditions

In this blog, Scott Sutherland walk through how global temporary tables work, and share some techniques that NetSPI has used to identify and exploit them in real applications.

Evil SQL Client Console: Msbuild All the Things

Evil SQL Client (ESC) is an interactive .net SQL console client with enhanced SQL Server discovery, access, and data exfiltration features. This blog will provide a quick overview of the tool and provide you the code to download and use.


Contact Us

Cookies Required

Sorry, cookies are required to use this website.

Allow Cookies