{"id":10606,"date":"2017-11-01T23:05:19","date_gmt":"2017-11-01T22:05:19","guid":{"rendered":"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/"},"modified":"2017-11-01T23:05:19","modified_gmt":"2017-11-01T22:05:19","slug":"pass-summit-2017-sql-server-security","status":"publish","type":"post","link":"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/","title":{"rendered":"PASS SUMMIT 2017 – SQL Server Security"},"content":{"rendered":"

Today is the first day of the PASS SUMMIT 2017<\/a> in Seattle (WA). The weather is cloudy and we have only 11\u00b0C… but where is the problem? Everything happens inside! (at the Convention Center).<\/p>\n

\"IMG_9474[1]\"<\/a><\/p>\n

In this blog, I will make a summary of main attack vectors against MSSQL environments, based on Argenis FERANDEZ’s session called “Modern Security Attack Vectors Against SQL Server Environments”.<\/p>\n

METASPLOIT<\/h3>\n

Metasploit is a penetration testing framework<\/a> to exploit known security vulnerabilities. This tool is able to scan a server by providing an IP address, and to list all security vulnerabilities you can find on TechNet<\/a>.<\/p>\n

After your environment has been scanned, you can exploit these vulnerabilities on every non-patched server. This kind of tool remind us how it is important to keep environments up-to-date with security updates!<\/p>\n

Metasploit can also be used to hack SQL Server login password with a Brute-Force method. Time to remain Windows Logins are recommended over SQL Logins.<\/p>\n

If you want to learn more, please read this article Metasploit Cheat Sheet<\/a> by Team Keary<\/a>. It lists the essential commands providing in the Framework.<\/p>\n

 <\/p>\n

PowerSploit<\/h3>\n

PowerSploit <\/a>is a collection of PowerShell modules (CodeExecution, ScriptModification, Exfiltration…) which can be used to exploit information \/ data from a compromised machine. This module includes the famous Mimikatz cmdlet which can be used to extract plaintext passwords, hash, PIN code and Kerberos tickets from memory.<\/p>\n

 <\/p>\n

SQLMAP<\/h3>\n

sqlmap <\/a>is a penetration testing tool. It can detect and exploit different SQL injection types, like Boolean-based blind or Time-based blind.<\/p>\n

 <\/p>\n

RDP Hijacking<\/h3>\n

Imagine a Domain Admin (or a SQL Admin) connects to a remote Windows server. When his work is done, he disconnects from his session (so the session is still available). It happens to many administrators, doesn’t it? And now imagine this Windows server has been compromised and the hacker has local administrator privileges. He is able to hijack the domain admin session, and so retrieve all his privileges…<\/p>\n

But how is it possible? You can either use PSEXEC Sysinternals tool (but it needs to be there), or either create a service which will hijack user’s session. You can find the demonstration made by Alexander Korznikov<\/a>.<\/p>\n

As a consequence, it highly recommended to completely logoff from your rdp sessions!<\/p>\n

 <\/p>\n

CONCLUSION<\/h3>\n

This session was pretty interesting because it provided various approaches which can be used to attack your MSSQL environment. It also provided different best practices to take care about, and I know I will always log off from my sessions \ud83d\ude09<\/p>\n","protected":false},"excerpt":{"rendered":"

Today is the first day of the PASS SUMMIT 2017 in Seattle (WA). The weather is cloudy and we have only 11\u00b0C… but where is the problem? Everything happens inside! (at the Convention Center). In this blog, I will make a summary of main attack vectors against MSSQL environments, based on Argenis FERANDEZ’s session called […]<\/p>\n","protected":false},"author":14,"featured_media":10607,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[229],"tags":[1203,25,51],"type_dbi":[],"class_list":["post-10606","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-database-administration-monitoring","tag-pass-summit","tag-security","tag-sql-server"],"acf":[],"yoast_head":"\nPASS SUMMIT 2017 - SQL Server Security - dbi Blog<\/title>\n<meta name=\"description\" content=\"In this blog, I will make a summary of main attack vectors against MSSQL environments, based on Argenis FERANDEZ's session called "Modern Security Attack Vectors Against SQL Server Environments".\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PASS SUMMIT 2017 - SQL Server Security\" \/>\n<meta property=\"og:description\" content=\"In this blog, I will make a summary of main attack vectors against MSSQL environments, based on Argenis FERANDEZ's session called "Modern Security Attack Vectors Against SQL Server Environments".\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/\" \/>\n<meta property=\"og:site_name\" content=\"dbi Blog\" \/>\n<meta property=\"article:published_time\" content=\"2017-11-01T22:05:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/PASS_SUMMIT_2017-scaled.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2560\" \/>\n\t<meta property=\"og:image:height\" content=\"1920\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Nathan Courtine\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Nathan Courtine\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/\"},\"author\":{\"name\":\"Nathan Courtine\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/38305b5ebdcdb4fb784fa31d760862d1\"},\"headline\":\"PASS SUMMIT 2017 – SQL Server Security\",\"datePublished\":\"2017-11-01T22:05:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/\"},\"wordCount\":423,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/PASS_SUMMIT_2017-scaled.jpg\",\"keywords\":[\"Pass Summit\",\"Security\",\"SQL Server\"],\"articleSection\":[\"Database Administration & Monitoring\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/\",\"name\":\"PASS SUMMIT 2017 - SQL Server Security - dbi Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/PASS_SUMMIT_2017-scaled.jpg\",\"datePublished\":\"2017-11-01T22:05:19+00:00\",\"author\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/38305b5ebdcdb4fb784fa31d760862d1\"},\"description\":\"In this blog, I will make a summary of main attack vectors against MSSQL environments, based on Argenis FERANDEZ's session called \\\"Modern Security Attack Vectors Against SQL Server Environments\\\".\",\"breadcrumb\":{\"@id\":\"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/#primaryimage\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/PASS_SUMMIT_2017-scaled.jpg\",\"contentUrl\":\"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/PASS_SUMMIT_2017-scaled.jpg\",\"width\":2560,\"height\":1920},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.dbi-services.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"PASS SUMMIT 2017 – SQL Server Security\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#website\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/\",\"name\":\"dbi Blog\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/38305b5ebdcdb4fb784fa31d760862d1\",\"name\":\"Nathan Courtine\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/0fcc6c91bbc35c976c9d470585e48ae5d500680f1f55de5bbc5f8373b8ebb02c?s=96&d=mm&r=g\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0fcc6c91bbc35c976c9d470585e48ae5d500680f1f55de5bbc5f8373b8ebb02c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0fcc6c91bbc35c976c9d470585e48ae5d500680f1f55de5bbc5f8373b8ebb02c?s=96&d=mm&r=g\",\"caption\":\"Nathan Courtine\"},\"description\":\"Nathan Courtine has more than four years of experience in Microsoft solutions. He is specialized in SQL Server installation, migration, performance analysis, best practices, etc. Moreover, he has a background in Oracle Java and .NET software and web development. Nathan Courtine is Microsoft Certified in Administering SQL Server 2012 Databases. Nathan Courtine holds an Engineer\u2019s Degree in Computer Science from the ENSISA (Ecole Nationale Sup\u00e9rieure d'Ing\u00e9nieurs Sud Alsace) in Mulhouse (F). His branch-related experience covers Public Sector, Automotive, IT, Financial Services \/ Banking, etc.\",\"url\":\"https:\/\/www.dbi-services.com\/blog\/author\/nathan-courtine\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"PASS SUMMIT 2017 - SQL Server Security - dbi Blog","description":"In this blog, I will make a summary of main attack vectors against MSSQL environments, based on Argenis FERANDEZ's session called \"Modern Security Attack Vectors Against SQL Server Environments\".","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/","og_locale":"en_US","og_type":"article","og_title":"PASS SUMMIT 2017 - SQL Server Security","og_description":"In this blog, I will make a summary of main attack vectors against MSSQL environments, based on Argenis FERANDEZ's session called \"Modern Security Attack Vectors Against SQL Server Environments\".","og_url":"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/","og_site_name":"dbi Blog","article_published_time":"2017-11-01T22:05:19+00:00","og_image":[{"width":2560,"height":1920,"url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/PASS_SUMMIT_2017-scaled.jpg","type":"image\/jpeg"}],"author":"Nathan Courtine","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Nathan Courtine","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/#article","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/"},"author":{"name":"Nathan Courtine","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/38305b5ebdcdb4fb784fa31d760862d1"},"headline":"PASS SUMMIT 2017 – SQL Server Security","datePublished":"2017-11-01T22:05:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/"},"wordCount":423,"commentCount":0,"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/PASS_SUMMIT_2017-scaled.jpg","keywords":["Pass Summit","Security","SQL Server"],"articleSection":["Database Administration & Monitoring"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/","url":"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/","name":"PASS SUMMIT 2017 - SQL Server Security - dbi Blog","isPartOf":{"@id":"https:\/\/www.dbi-services.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/#primaryimage"},"image":{"@id":"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/PASS_SUMMIT_2017-scaled.jpg","datePublished":"2017-11-01T22:05:19+00:00","author":{"@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/38305b5ebdcdb4fb784fa31d760862d1"},"description":"In this blog, I will make a summary of main attack vectors against MSSQL environments, based on Argenis FERANDEZ's session called \"Modern Security Attack Vectors Against SQL Server Environments\".","breadcrumb":{"@id":"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/#primaryimage","url":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/PASS_SUMMIT_2017-scaled.jpg","contentUrl":"https:\/\/www.dbi-services.com\/blog\/wp-content\/uploads\/sites\/2\/2022\/04\/PASS_SUMMIT_2017-scaled.jpg","width":2560,"height":1920},{"@type":"BreadcrumbList","@id":"https:\/\/www.dbi-services.com\/blog\/pass-summit-2017-sql-server-security\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dbi-services.com\/blog\/"},{"@type":"ListItem","position":2,"name":"PASS SUMMIT 2017 – SQL Server Security"}]},{"@type":"WebSite","@id":"https:\/\/www.dbi-services.com\/blog\/#website","url":"https:\/\/www.dbi-services.com\/blog\/","name":"dbi Blog","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dbi-services.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dbi-services.com\/blog\/#\/schema\/person\/38305b5ebdcdb4fb784fa31d760862d1","name":"Nathan Courtine","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/0fcc6c91bbc35c976c9d470585e48ae5d500680f1f55de5bbc5f8373b8ebb02c?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/0fcc6c91bbc35c976c9d470585e48ae5d500680f1f55de5bbc5f8373b8ebb02c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0fcc6c91bbc35c976c9d470585e48ae5d500680f1f55de5bbc5f8373b8ebb02c?s=96&d=mm&r=g","caption":"Nathan Courtine"},"description":"Nathan Courtine has more than four years of experience in Microsoft solutions. He is specialized in SQL Server installation, migration, performance analysis, best practices, etc. Moreover, he has a background in Oracle Java and .NET software and web development. Nathan Courtine is Microsoft Certified in Administering SQL Server 2012 Databases. Nathan Courtine holds an Engineer\u2019s Degree in Computer Science from the ENSISA (Ecole Nationale Sup\u00e9rieure d'Ing\u00e9nieurs Sud Alsace) in Mulhouse (F). His branch-related experience covers Public Sector, Automotive, IT, Financial Services \/ Banking, etc.","url":"https:\/\/www.dbi-services.com\/blog\/author\/nathan-courtine\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/10606","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/users\/14"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/comments?post=10606"}],"version-history":[{"count":0,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/posts\/10606\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media\/10607"}],"wp:attachment":[{"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/media?parent=10606"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/categories?post=10606"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/tags?post=10606"},{"taxonomy":"type","embeddable":true,"href":"https:\/\/www.dbi-services.com\/blog\/wp-json\/wp\/v2\/type_dbi?post=10606"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}