Beyond xp_cmdshell: Owning the Empire through SQL Server - Alexander Leary & Scott Sutherland Derbycon 2017 (Hacking Illustrated Series InfoSec Tutorial Videos)

Beyond xp_cmdshell: Owning the Empire through SQL Server
Alexander Leary & Scott Sutherland
Derbycon 2017

During this presentation, we'll cover interesting techniques for executing operating system commands through SQL Server that can be used to avoid detection and maintain persistence during red team engagements. We'll also talk about automating attacks through PowerShell Empire and PowerUpSQL. This will include a review of command execution through custom extended stored procedures, CLR assemblies, WMI providers, R scripts, python scripts, agent jobs, and custom ole objects. We'll also dig into some new integrations with PowerShell Empire. All code and slide decks will be released during the presentation. This should be interesting to blue teamers looking for a faster way to test their detective control capabilities and red teamers looking for a practical way to avoid detection while trying to maintain access to their target environments.

Alexander Leary and Scott Sutherland conduct penetration testing, red team, and purple team engagements through NetSPI. Scott is the author of PowerUpSQL and Alexander has contributed code to PowerUpSQL and PowerShell Empire.

@0xbadjuju, @_nullbind

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast