PA – Abusing SQL Server Trusts in a Windows Domain


PA – Abusing SQL Server Trusts in a Windows Domain
English | Size: 732.86 MB
Category: CBTs
MS SQL Server is widely used in enterprise networks. Due to its use by third party applications, support for legacy applications and use as a database, SQL Server is a treasure trove for attackers. It gets integrated with in an active directory environment very well, which makes it an attractive target for abuse of features and privileges.

In this training, we will see that how to attack a SQL Server not only as an individual service but as a part of the enterprise network. We will discuss the mutual trust which SQL Server has with domain, users and how linked SQL Servers can be abused. We will perform enumeration and scanning, privilege escalation and post exploitation tasks like Domain Privilege Escalation, identifying juicy information, Command Execution, retrieving system secrets, lateral movement, persistence and more.

Course Syllabus:

SQL Server in Windows Domain
SQL Server Roles and Privileges
Introduction to PowerShell
Discovery, Enumeration and Scanning
Brute Force Attacks
Privilege Escalation
OS Command Execution
Retrieving System Secrets
Mapping and abusing domain trust
Lateral Movement
Database Links
Identifying Juicy Information


Tags: , , , ,

Leave a Reply