Hacking SQL Server for Fun and Profit


Presentation Transcript


  1. Hacking SQL Server for Fun and Profit

  2. DISCLAIMER!
     • Don’t try this at home
     • If you break your system(s), it’s on you – not me, not the Security VC leaders/volunteers, not PASS
     • If you use this to hack someone, make sure to leave no trace
     • Kidding, the NSA knows.

  3. About…
     • Data Platform (fka SQL Server) MVP
     • Principal Data Architect @ Pure Storage
     • Former Board of Directors @ PASS
     • Formerly Senior Consultant @ Microsoft
     • Microsoft Certified Master
     • VMware vExpert
     • DBA/Dev/SysAdmin for 19 years
     • Regular Speaker (PASS Summit, PASS SQLRally, SQLBits XI, TechEd, IT/DevConnections)
     • Founded the Security Virtual Chapter for PASS
     • Twitter enthusiast and occasional blogger

  4. Agenda
     • SQL Server forensics
     • Local admin = sysadmin
     • Network sniffing
     • Pass-the-hash
     • Finding undocumented stuff

  5. Where stuff is kept/persisted. SQL Server Forensics

  6. Assumptions are bad. Local admin = sysadmin

  7. Smoke and mirrors. Network sniffing

  8. 20-year-old attack vector. Pass-the-hash

  9. Moar! Finding undocumented stuff

  10. Q&A

  11. THANK YOU!

  12. Contact Info
     • argenis@purestorage.com
     • @DBArgenis on Twitter
     • http://www.sqlblog.com/blogs/argenis_fernandez/
     • http://blog.purestorage.com/author/argenis/
