Once again I’ll be taking the SQL-show on the road, this time up to Vancouver, BC for CanSecWest 2013. My talk will focus on the methods and mayhem that can be had in a MS-SQL post-exploitation environment: dumping hashes without querying the database, escalating to admin (or worse) from the confines of the service, and turning SQL into an attack platform so you don’t have to bother with that pesky operating system environment. This talk builds on much of my previous research, but there will be plenty of new materials, revamped tools, and maybe one or two utilities that the average pen-tester lacks in their engagements.
If you’re at the con and would care to check it out, I’ll be occupying the stage at Friday, March 8th, at 1:30PM. Hope to see you there!