AppSecUSA 2012 has ended
Back To Schedule
Friday, October 26 • 1:00pm - 1:45pm
SQL Server Exploitation, Escalation, and Pilfering

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

During this presentation attendees will be introduced to lesser known, yet significant vulnerabilities in SQL Server implementations related to common trust relationships, misconfigurations, and weak default settings. The issues that will be covered are often leveraged by attackers to gain unauthorized access to high value systems, applications, and sensitive data. An overview of each issue, common vectors of attack, and manual techniques will be covered. Finally newly created Metasploit modules and TSQL scripts will be demonstrated that help automate the attacks. This presentation will be valuable to penetration testers who are looking for faster ways to gain access to critical data and systems. Additionally, it should be worth while for developers and database administrators who are interested in gaining a better understanding of how to protect their applications and databases from these attacks.

avatar for Antti Rantasaari

Antti Rantasaari

Security Consultant, NetSPI
Antti Rantasaari is currently a security consultant at NetSPI. He is responsible for performing security assessments and contributing to the development of the methodologies, techniques, and tools used during network and application penetration testing.
avatar for Scott Sutherland

Scott Sutherland

Scott Sutherland is a Principal Security Consultant at NetSPI. Scott is responsible for the development and execution of penetration testing for the firm. He has developed a number of the proprietary tools and techniques that the company uses and also plays a major role in the skills... Read More →

Friday October 26, 2012 1:00pm - 1:45pm CDT
Gemalto Room - Hill Country C Hyatt Regency Austin, 208 Barton Springs Road, Austin, TX, 78704

Attendees (0)