Midlands PASS

Welcome to the Midlands PASS

Next Meeting

Tuesday, July 02

How I Would Hack SQL Server

This isn’t a talk about best practices or how to configure your system. It’s designed to get into the mindset of a motivated, equipped adversary who wants to get into a system or application, specifically SQL Server, and uses the full extent of his or her creativity to do so. We’ll look at both traditional and non-traditional weak points, how an attacker discovers them, exploits them, and then covers up his or her tracks. We’ll also discuss what we can do to compensate for a weakness we can’t fix, which revolves mostly around detection and response, and how an attacker will respond to such countermeasures.

About Brian Kelley

Brian Kelley is an author, columnist, Certified Information Systems Auditor (CISA), accredited CISA trainer, and former Microsoft Data Platform (SQL Server) MVP (2009-2016) focusing primarily on SQL Server and Windows security. Brian currently serves as a data architect as well as an independent infrastructure/security architect concentrating on Active Directory, SQL Server, and Windows Server. He has served in a myriad of other positions including senior database administrator, data warehouse architect, web developer, incident response team lead, and project manager. Brian has spoken at 24 Hours of PASS, the Marathon of PASS, IT/Dev Connections, SQLConnections, the SSWUG Virtual Conferences, the Techno Security and Forensics Investigation Conference, the IT GRC Forum, SyntaxCon, and at various SQL Saturdays, Code Camps, and user groups.

Featured Presentation:

How I Would Hack SQL Server

Brian Kelley, Data, Infrastructure, and Security Architect, Truth Solutions

