Hacking SQL Server [EN]
Administration (Platform, Architecture)
How easy is it to hack a SQL Server?
In this session we'll see examples on how to exploit SQL Server, modify data and take control, while at the same time not leaving a trace.
We'll start by gaining access to a SQL Server (using some "creative" ways of making man-in-the-middle attacks), escalating privileges and tampering with data at the TDS protocol level (e.g. changing your income level and reverting without a trace after payment), hacking DDM, RLS, and more.
More important, we'll also cover recommendations on how to avoid these attacks, and take a look at the pros and cons of new security features in SQL Server 2016.
This is a demo-driven session, suited for DBAs, developers and security consultants.
Disclaimer: No actual crimes will be committed. Please do not send agents to my house again.
No formal prerequisites. Knowledge of 2016/2017 new features, traffic sniffing, SQL Server TDS protocol and SQL Server security in general is a plus.
No material found.