Hacking SQL Server [EN]

André Melancia
60 minutes
Administration (Platform, Architecture)
How easy is it to hack a SQL Server? In this session we'll see examples of how to exploit SQL Server, modify data and take control, while at the same time not leaving a trace. We'll start by gaining access to a SQL Server (using some "creative" ways of making man-in-the-middle attacks), escalating privileges and tampering with data at the TDS protocol level (e.g. changing your income level and reverting without a trace after payment), hacking DDM, RLS, and more. More importantly, we'll also cover recommendations on how to avoid these attacks, and take a look at the pros and cons of new security features in SQL Server 2016. This is a demo-driven session, suited for DBAs, developers and security consultants. Disclaimer: No actual crimes will be committed. Please do not send agents to my house again.
No formal prerequisites. Knowledge of 2016/2017 new features, traffic sniffing, SQL Server TDS protocol and SQL Server security in general is a plus.

Accompanying Material

No material found.
