Next up for the PowerShell Virtual Chapter of PASS Scott Sutherland ( b | t ) will be presenting: Hacking SQL Servers on Scale using PowerShell. This session will be live on Wednesday Oct 19, 12-Noon EDT (GMT -4). As always, we will get the recording posted to you PoSh VC YouTube channel as quickly as we can.
You can register for this webinar right here: http://bit.ly/2dIK7K0
I’m really curious to how all this works. I’m certainly no penetration-tester but since Scott is making the PowerUpSQL module available I’m hoping I can learn some things that I can use to help harden SQL Server environments when my clients need help with that.
About the presentation:
This presentation will provide an overview of common SQL Server discovery, privilege escalation, and data targeting techniques. It will also cover how SQL Servers can be leveraged to escalate privileges in Active Directory domains. Finally, we’ll show how PowerShell automation can be used to execute the SQL Server attacks on scale. This should be useful to penetration testers and system administrators trying to gain a better understanding of their SQL Server’s attack surface and how it can be exploited.
All slides and the PowerUpSQL module will be made available online.
Scott is currently responsible for the development, and execution of penetration testing at NetSPI. His role includes researching and developing tools, techniques, and methodologies used during network and application penetration tests. Scott has been providing IT security services to medium sized to Fortune 50 companies for over 10 years. His goal is to help them identify the risks that exist in their environment, and develop prioritized remediation plans that take into account their business constraints and requirements. As an active participant in the information security community, Scott also contributes technical security blog posts, whitepapers, and presentations on a regular basis through NetSPI.