• Understands and can demonstrate the remote exploitation of an Oracle database.
• Understands the security attributes of the Oracle TNS Listener service.
• Can demonstrate how the software version and patch status can be obtained from an Oracle database.
• Understands and can demonstrate how access can be gained to an Oracle database server through the use of default account credentials and insecure passwords.
• Can identify and extract useful information stored within a database (e.g. user account names and passwords, recovering passwords where possible).
• Following the compromise of an Oracle database server, can use stored procedures to execute system commands, escalate privileges,read/write from/to the file system, and/or gain further access to a host.

Understands and can demonstrate the remote exploitation of othercommon SQL database servers, such as MySQL and PostgreSQL.

Understands and can demonstrate the remote exploitation ofcommon no-SQL database servers, such as MongoDB.

Understands and can demonstrate how access can be gained tosuch a database server through the use of default accountscredentials and insecure passwords.

Can identify and extract useful information stored within a database (e.g. user account names and passwords, recovering passwords where possible).

• Understands common connection and authentication methods used by web applications to connect to database servers.
• Can recognise common database connection string formats, e.g. JDBC

• Can identify running databases using from the SQL browser service.
• Understands the difference between local SQL Server accounts and integrated auth, and the security implications of both.
• Demonstrate the ability to execute operating system commands without xp_cmdshell.