We spend way too much time each month drafting the newsletters for the PowerShell Group of PASS. But hey, we’re database people, not email mavens,
A few weeks ago Brent Ozar laid out his “crazy idea” for doing a free online conference that he has named “GroupBy”. I didn’t have
This presentation will provide an overview of common SQL Server discovery, privilege escalation, and data targeting techniques. It will also cover how SQL Servers can be leveraged to escalate privileges in Active Directory domains. Finally, we’ll show how PowerShell automation can be used to execute the SQL Server attacks on scale. This should be useful to penetration testers and system administrators trying to gain a better understanding of their SQL Server’s attack surface and how it can be exploited.
The other day I was chatting with my friend Tom Roush ( B | T ) and he mentioned needing to scan every database on every SQL Server instance in his environment and look for a particular word in the stored procs. Tom and I had discussed basics of his environment once before so I knew he already had Registered Servers filled out with all the instances he was going to need to search.
Write-SqlTableData came out last month in SSMS 16.4, it’s V1 so it’s not perfect [yet] but boy is it ever magic when you’re in a hurry! In this case, in order to be able to save the results for Tom, we need to find what we’re looking for once and then create a table in SQL Server using those results. To do this we use our very much improved friend Invoke-Sqlcmd and we leverage the new -OutputAs DataTables parameter which came out earlier this year. That give us a .Net Data Table.
Enter your email address to subscribe to this blog and receive notifications of new posts by email.