Hacking SQL Server The best defense is a good offence by Dustin

Presentation transcript:

Hacking SQL Server The best defense is a good offence by Dustin Prescott @nujakcities Created: Modified: 11/24/2012

Learning: User groups (Cisco, SQL, Virtualization). Conferences (GrrCON, SQL Saturday). Hands-On (Capture the Flag, Forensics). RSS (Exploit-DB updates, SecurityFocus Vuln.., Content on Security Street). Twitter (@markrussinovich, @Wh1t3Rabbit, @EggDropX, @msftsecurity).

Initial Attack Vectors: Network communication vital. Proxies. Whitelist inbound, blacklist outbound. Corporate/Windows firewalls.

Authentication vs. Authorization: Try to steal credentials of highly privileged users such as Application IDs, DBA Accounts or Domain Admins. Onion. Problem: Hackers don’t care about Authorization.

Tools: BackTrack (bt): bootable, vm, phone. Zenmap. Metasploit framework: 927+ exploits, 251+ payloads, Meterpreter. Social Engineering Toolkit. Netdiscover. Fasttrack & autopwn.

Tools (NEW HOTNESS): Kali Linux: bootable, vm, phone. Metasploit framework: 927+ exploits, 251+ payloads, Meterpreter. Social Engineering Toolkit. Netdiscover. BBQSQL (sql injection). AND MORE!

Meterpreter Payload: Interesting commands: getuid, getsystem, ps, kill, migrate, shell, hashdump, webcam_snap, clearev.

Demo – Information Gathering & Exploit

Patches and Misconfigurations: If you are not patching, no reason for pen testing. Don’t forget 3rd party utilities. Peer review servers cleanup.

Misconfigurations: Blank or weak ‘sa’ password. Default 3rd party passwords. Accidental administrators (Dev). Over privileged services (System). Extra un-used services (Writer). Extra un-used protocols (SQL Auth).
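
An audit for several items on the Misconfigurations slide, as an added example that is not part of the original presentation. It is read-only T-SQL for a defender with sysadmin rights on their own instance; the weak-password list is constructed for illustration, and `sys.dm_server_services` only reports the engine-related services, so the VSS Writer service has to be checked in the Windows service list instead.

```sql
-- Added audit example (not from the slides). Read-only; run as sysadmin.

-- 1. Blank or weak 'sa' and other SQL logins: compare stored hashes against
--    a short constructed list and against the login's own name.
DECLARE @weak TABLE (pwd nvarchar(128));
INSERT INTO @weak (pwd)
VALUES (N''), (N'sa'), (N'password'), (N'PaSsW0rD');  -- constructed samples

SELECT l.name AS login_name,
       l.is_disabled,
       l.is_policy_checked,      -- 0 = Windows password policy not enforced
       CASE WHEN PWDCOMPARE(l.name, l.password_hash) = 1
            THEN N'password equals login name'
            ELSE N'password on weak list' END AS finding
FROM sys.sql_logins AS l
WHERE PWDCOMPARE(l.name, l.password_hash) = 1
   OR EXISTS (SELECT 1 FROM @weak AS w
              WHERE PWDCOMPARE(w.pwd, l.password_hash) = 1);

-- 2. Accidental administrators: every member of the sysadmin server role.
SELECT m.name AS member_name, m.type_desc, m.is_disabled
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
ORDER BY m.type_desc, m.name;

-- 3. Over privileged services: engine services and the accounts they run as.
--    Review any row whose service_account is LocalSystem.
SELECT servicename, service_account, startup_type_desc, status_desc
FROM sys.dm_server_services;

-- 4. Extra un-used protocols: is SQL Authentication enabled at all?
SELECT CASE SERVERPROPERTY('IsIntegratedSecurityOnly')
         WHEN 1 THEN 'Windows Authentication only'
         ELSE 'Mixed mode (SQL Authentication enabled)'
       END AS auth_mode;
```

An empty first result set means no login matched the list; it does not show that the passwords are strong.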

Patches: Reversing patches is common practice. Midi file buffer overflow exploited in wild 16 days after the patch. Common msf exploits used; MSYY- naming convention. CVE – common vulnerabilities and exposures. Know unsupported dates.

Layers: Layers that still work: Firewalls, Strong Passwords, Antivirus, Patches, Group Policy, Log Monitoring, Least privilege, Audits and Testing, DR. Did someone say zombies?

Roadblock Don’t be a disabler for business. Dan Lohrmann

Openwall & pastebin

PaSsW0rD


Back to Demo: Post Carnage Analysis

Q&A: Other hacks? ‘ OR 1=1; -- . Create table, insert web.config. Browser based attacks. The next MS08_067. Review whiteboarding.

Review