Alexander Leary, Scott Sutherland - Beyond xp_cmdshell: Owning the Empire through SQL Server
During this presentation, we’ll cover interesting techniques for executing operating system commands through SQL Server that can be used to avoid detection and maintain persistence during red team engagements. We’ll also talk about automating attacks through PowerShell Empire and PowerUpSQL. This will include a review of command execution through custom extended stored procedures, CLR assemblies, WMI providers, R scripts, python scripts, agent jobs, and custom ole objects. We’ll also dig into some new integrations with PowerShell Empire. All code and slide decks will be released during the presentation.
This should be interesting to blue teamers looking for a faster way to test their detective control capabilities and red teamers looking for a practical way to avoid detection while trying to maintain access to their target environments.
Alexander Leary and Scott Sutherland conduct penetration testing, red team, and purple team engagements through NetSPI. Alexander Leary @0xbadjuju
Scott is the author of PowerUpSQL and Alexander has contributed code to PowerUPSQL and PowerShell Empire. Scott Sutherland @_nullbind