Hacking SQL Server [EN]

Speaker: André Melancia

Duration: 60 minutes

Track: Administration (Platform, Architecture)

How easy is it to hack a SQL Server?
In this session we'll see examples on how to exploit SQL Server, modify data and take control, while at the same time not leaving a trace.
We'll start by gaining access to a SQL Server (using some "creative" ways of making man-in-the-middle attacks), escalating privileges and tampering with data at the TDS protocol level (e.g. changing your income level and reverting without a trace after payment), hacking DDM, RLS, and more. 
More important, we'll also cover recommendations on how to avoid these attacks, and take a look at the pros and cons of new security features in SQL Server 2016.
This is a demo-driven session, suited for DBAs, developers and security consultants.
Disclaimer: No actual crimes will be committed. Please do not send agents to my house again.

Accompanying Material

No material found.

Back to Top