Databases
Please note the knowledge domains and topics outlined here are for guidance only and subject to change.
Understands the difference between local SQL Server accounts and integrated auth, and the security implications of both
–
Can identify running databases using the SQL Browser service
Can recognise common database connection string formats, e.g. JDBC
–
Understands common connection and authentication methods used by web applications to connect to database servers
Understands and can demonstrate how access can be gained to such a database server through the use of default account credentials and insecure passwords
–
Understands and can demonstrate the remote exploitation of common NoSQL database servers, such as MongoDB
–
Can identify and extract useful information stored within a database (e.g. user account names and passwords, recovering passwords where possible)
Following the compromise of Microsoft SQL Server, can use stored procedures to execute system commands, escalate privileges, read/write from/to the file system, and/or gain further access to a host
–
Can identify and extract useful information stored within a database (e.g. user account names and passwords, recovering passwords where possible)
–
Understands and can demonstrate how access can be gained to a Microsoft SQL Server through the use of default account credentials and insecure passwords
–
Understands and can demonstrate the remote exploitation of Microsoft SQL Server