SQL Server Exploitation, Escalation, and Pilfering

Presented at AppSec USA 2012, Oct. 26, 2012, 1 p.m. (45 minutes)

During this presentation, attendees will be introduced to lesser-known yet significant vulnerabilities in SQL Server implementations related to common trust relationships, misconfigurations, and weak default settings. The issues that will be covered are often leveraged by attackers to gain unauthorized access to high-value systems, applications, and sensitive data. An overview of each issue, common vectors of attack, and manual techniques will be covered. Finally, newly created Metasploit modules and TSQL scripts that help automate the attacks will be demonstrated. This presentation will be valuable to penetration testers who are looking for faster ways to gain access to critical data and systems. Additionally, it should be worthwhile for developers and database administrators who are interested in gaining a better understanding of how to protect their applications and databases from these attacks.


Presenters:

  • Antti Rantasaari - Security Consultant - NetSPI
    Antti Rantasaari is currently a security consultant at NetSPI. He is responsible for performing security assessments and contributing to the development of the methodologies, techniques, and tools used during network and application penetration testing.
  • Scott Sutherland / nullbind - NetSPI
    Scott Sutherland is a Principal Security Consultant at NetSPI. Scott is responsible for the development and execution of penetration testing for the firm. He has developed a number of the proprietary tools and techniques that the company uses and also plays a major role in the skills development and training of the NetSPI network and application penetration testing team. Scott is an active participant in the information security community, regularly contributing technical security blog posts, whitepapers, and presenting at a wide variety of conferences.
