Abusing Microsoft SQL Server with SQLRecon

Presented at DEF CON 31 (2023), Aug. 12, 2023, noon (115 minutes).

SQLRecon helps address the post-exploitation tooling gap by modernizing the approach red team operators can take when attacking SQL Servers. The tool was designed to be modular, allowing for ease of extensibility and contributions from the hacker community. SQLRecon is written in C# and is compatible stand-alone or within a diverse set of command and control (C2) frameworks (Cobalt Strike, Nighthawk, Mythic, PoshC2, Sliver, etc). When using the latter, SQLRecon can be executed either in-process, or through traditional fork and run. SQLRecon has over 50 modules which can help facilitate with enumeration, collection, code execution, privilege escalation and lateral movement. It has been designed with operational security and defense evasion in mind.


Presenters:

  • Sanjiv Kawa
    Sanjiv Kawa (@sanjivkawa) is a Senior Managing Security Consultant on the IBM X-Force Red Adversarial Simulation team with over ten years of experience performing offensive security assessments. As part of the IBM X-Force Red Adversarial Simulation team, Sanjiv spends his days breaking into the largest organizations in the world by emulating adversary tactics, techniques and procedures to reach target objectives. He then advises these organizations on ways they can improve their security posture by implementing or tuning controls. Sanjiv is an active member in the security community. He has developed a variety of tooling and presented at large conferences, such as BSides and Wild West Hackin’ Fest and frequently contributes to projects on GitHub.

Similar Presentations: