Details

Hacking SQL Server

Speaker: André Melancia

Duration: 60 minutes

Track: Database Administration

How easy is it to hack a SQL Server? 
In this session we'll see examples on how to exploit SQL Server, modify data and take control, while at the same time not leaving a trace.
We'll start by gaining access to a SQL Server (using some "creative" ways of making man-in-the-middle attacks), escalating privileges and tampering with data at the TDS protocol level (e.g. changing your income level and reverting without a trace after payment), hacking DDM, and more. 
Most importantly, we'll also cover recommendations on how to avoid these attacks, and take a look at the pros and cons of new security features in SQL Server 2016.
This is a demo-driven session, suited for DBAs, developers and security consultants.
Disclaimer: No actual crimes will be committed. Please do not send agents to my house again.


Back to Top
cage-aids
cage-aids
cage-aids
cage-aids