Collection with PowerUpSQL

In a red team engagement, it is crucial to collect sensitive information to demonstrate the impact of a cyber attack to your client. This course will teach you how to collect sensitive data from Microsoft SQL databases using the PowerUpSQL tool.
Course info
Level
Intermediate
Updated
Jul 14, 2020
Duration
26m
Table of contents
Description
Course info
Level
Intermediate
Updated
Jul 14, 2020
Duration
26m
Description

An important step on a red team engagement is collecting sensitive information. By demonstrating what kind of data a hacker could have access to, your client can better understand the impact of a real cyber-attack. In this course, Collection with PowerUpSQL, you will cover one of the most important tools for exploiting Microsoft SQL databases, the PowerUpSQL framework. First, you will learn how to get access to the database by discovering weak credentials in your target. Next, you will explore how to find and collect sensitive data in the database, including credit card information and stored passwords. Finally, you will see how to simulate a malicious attack of modifying stored data, hiding your tracks, and deleting entire tables. When you are finished with this course, you will have the skills and knowledge of PowerUpSQL needed to collect sensitive data from your target Microsoft SQL databases and cover four important tactics from the MITRE ATT&CK framework: Valid Accounts (T1078), Data from Local System (T1005), Stored Data Manipulation (T1492) and Data Destruction (T1485).

About the author
About the author

Ricardo is a Cybersecurity Consultant based in Toronto (Canada). He has 10+ years of IT experience, 6 of them in the IT Security field. His main interests are: SIEM solutions (IBM QRadar), Enterprise Security Risk, Penetration Testing, Security processes/procedures and Network Security.

More from the author
Collection with PowerSploit
Intermediate
28m
May 29, 2020
More courses by Ricardo Reimao
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hey there, welcome to Pluralsight. In this cybersecurity tools course, you'll learn how to collect sensitive information from Microsoft SQL Servers using the PowerUpSQL framework. In the red team engagement, after getting initial access to a few machines, it is really important to start collecting sensitive information so your client can understand the impact of a real cyber attack. The PowerUpSQL is a complete framework for exploiting Microsoft SQL Servers with tools that will help you from discovery to collection and exfiltration. In this course, you'll learn how to use PowerUpSQL to collect sensitive data in your environment. We start by learning how to discover weak credentials on the SQL database using PowerUpSQL. We then search and collect sensitive information from the database, including credit card data and stored passwords. After that, if you really want to simulate a real attacker, you'll learn how to cause impact on an environment by modifying stored data and even deleting tables. So, whether you're trying to collect sensitive information in the red team engagement or just looking to audit the security of your own company, join me in learning how to collect sensitive information using the PowerUpSQL tool, here at Pluralsight.