{"id":3468,"date":"2013-10-11T17:19:47","date_gmt":"2013-10-11T16:19:47","guid":{"rendered":"http:\/\/andreas-wolter.com\/sicherheits-vortrag-sql-server-under-attack-diesen-november-sql-rally-amsterdam\/"},"modified":"2017-10-18T16:56:49","modified_gmt":"2017-10-18T15:56:49","slug":"security-session-sql-server-under-attack-this-november-sql-rally-amsterdam","status":"publish","type":"post","link":"https:\/\/andreas-wolter.com\/en\/security-session-sql-server-under-attack-this-november-sql-rally-amsterdam\/","title":{"rendered":"Security-Session: \u201cSQL Server under Attack\u201d this November @ SQL Rally Amsterdam"},"content":{"rendered":"\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_heading-fff445edb30258b9bd3bb46e5dacad74\">\n#top .av-special-heading.av-av_heading-fff445edb30258b9bd3bb46e5dacad74{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-av_heading-fff445edb30258b9bd3bb46e5dacad74 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-av_heading-fff445edb30258b9bd3bb46e5dacad74 .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-av_heading-fff445edb30258b9bd3bb46e5dacad74 av-special-heading-h3 blockquote modern-quote  avia-builder-el-0  el_before_av_textblock  avia-builder-el-first '><h3 class='av-special-heading-tag'  itemprop=\"headline\"  >Security-Session: <span class='special_amp'>\u201c<\/span>SQL Server under Attack<span class='special_amp'>\u201d<\/span> this November @ SQL Rally Amsterdam<\/h3><div class='av-subheading av-subheading_below'><p>\u2013 privilege elevation, DoS-attack via SQL Injection and more.. live action<\/p>\n<\/div><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div>\r\n\r\n<section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>Alright, this is going to be the by far most active year in terms of speaking at international conferences: After 6 conferences last year, including SQL Rally Nordic, which I really liked a lot, I had to decide between SQL Rally Nordic again or <a href=\"http:\/\/www.sqlpass.org\/sqlrally\/2013\/amsterdam\/Home.aspx\" target=\"_blank\" rel=\"noopener\">SQL Rally Amsterdam<\/a> or even both.<!--more--><\/p>\n<p>I decided for <strong>SQL Rally Amsterdam<\/strong>, because it is new, and because I promised the Dutch Chapter leader to hand in a session. So this year no SQL Rally Nordic.<\/p>\n<ul>\n<li>Having spoken at already 7 conference this year, including 1.5 days of PreCon (<a href=\"http:\/\/www.andreas-wolter.com\/sql-conferences\/sql-conferences-2013.htm\">www.andreas-wolter.com\/sql-conferences\/sql-conferences-2013.htm<\/a> ) + 3 more coming up (PASS Summit Charlotte USA, TechNet Berlin Germany, PASS Camp Darmstadt Germany), 11 conferences in 2013 really is a lot. Also considering once in a while my customers are actually happy if I have time for them :-).<\/li>\n<\/ul>\n<\/div><\/section>\r\n\r\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_image-1cc3969bc2cf9176267fcc92def9dca7\">\n.avia-image-container.av-av_image-1cc3969bc2cf9176267fcc92def9dca7 img.avia_image{\nbox-shadow:none;\n}\n.avia-image-container.av-av_image-1cc3969bc2cf9176267fcc92def9dca7 .av-image-caption-overlay-center{\ncolor:#ffffff;\n}\n<\/style>\n<div  class='avia-image-container av-av_image-1cc3969bc2cf9176267fcc92def9dca7 av-styling- avia-align-center  avia-builder-el-2  el_after_av_textblock  el_before_av_textblock '   itemprop=\"image\" itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/ImageObject\" ><div class=\"avia-image-container-inner\"><div class=\"avia-image-overlay-wrap\"><img decoding=\"async\" class='wp-image-3463 avia-img-lazy-loading-not-3463 avia_image ' src=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1310_Speaker_SQL_Rally_Amsterdam.png\" alt='' title='1310_Speaker_SQL_Rally_Amsterdam'  height=\"250\" width=\"250\"  itemprop=\"thumbnailUrl\" srcset=\"https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1310_Speaker_SQL_Rally_Amsterdam.png 250w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1310_Speaker_SQL_Rally_Amsterdam-100x100.png 100w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1310_Speaker_SQL_Rally_Amsterdam-80x80.png 80w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1310_Speaker_SQL_Rally_Amsterdam-36x36.png 36w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1310_Speaker_SQL_Rally_Amsterdam-180x180.png 180w, https:\/\/andreas-wolter.com\/wp-content\/uploads\/2017\/10\/1310_Speaker_SQL_Rally_Amsterdam-120x120.png 120w\" sizes=\"(max-width: 250px) 100vw, 250px\" \/><\/div><\/div><\/div>\r\n\r\n<section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><p>SQL Rally Amsterdam offers a choice of 5 (!) real high quality <a href=\"http:\/\/www.sqlpass.org\/sqlrally\/2013\/amsterdam\/Agenda\/PreconferenceSeminars.aspx\" target=\"_blank\" rel=\"noopener\">PreCons<\/a> on Nov. 6th and 3 parallel session tracks on Nov. 7th-8th.: <a href=\"http:\/\/www.sqlpass.org\/sqlrally\/2013\/amsterdam\/Agenda\/ConferenceSessions\/SessionsBI.aspx\" target=\"_blank\" rel=\"noopener\">BI Platform Architecture, Development and Administration<\/a>, <a href=\"http:\/\/www.sqlpass.org\/sqlrally\/2013\/amsterdam\/Agenda\/ConferenceSessions\/SessionsDBA.aspx\" target=\"_blank\" rel=\"noopener\">Enterprise Database Administration and Deployment<\/a>, <a href=\"http:\/\/www.sqlpass.org\/sqlrally\/2013\/amsterdam\/Agenda\/ConferenceSessions\/SessionsDEV.aspx\" target=\"_blank\" rel=\"noopener\">Database and Application Development<\/a> with many well-known international speakers, MCMs and MVPs.<\/p>\n<p>I will be presenting <a href=\"http:\/\/www.sqlpass.org\/sqlrally\/2013\/amsterdam\/Agenda\/ConferenceSessions\/SessionsDBA.aspx\" target=\"_blank\" rel=\"noopener\">\u201cSQL Attack(ed)\u201d \u2013 SQL Server Under Attack<\/a>. A demo-loaded <strong>security session<\/strong> featuring 2 newly developed <strong>privilege elevation<\/strong> and <strong>DoS-attack<\/strong> techniques, <strong>executed via SQL-Injection<\/strong>, that I personally <a href=\"http:\/\/www.insidesql.org\/blogs\/andreaswolter\/2013\/07\/security-session-sql-server-attack-ed\" target=\"_blank\" rel=\"noopener\">developed this summer<\/a> in preparation of SQLSaturday Germany\/Rheinland and also shown at <a href=\"http:\/\/www.insidesql.org\/blogs\/andreaswolter\/2013\/08\/precon-performance-analysis-tuning-techniques-sqlsaturday-258\" target=\"_blank\" rel=\"noopener\">SQLSaturday in Istanbul<\/a>.<\/p>\n<p>So if you want to see some reasons for taking security measures like permissions serious, live and in action, check it out!<\/p>\n<p>CU in Amsterdam<br \/>\nAndreas<\/p>\n<\/div><\/section>\r\n\r\n<div  class='hr av-av_hr-0ff602b3e980a3377077ff3c1c834df6 hr-default  avia-builder-el-4  el_after_av_textblock  el_before_av_one_full '><span class='hr-inner '><span class=\"hr-inner-style\"><\/span><\/span><\/div>\r\n\r\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_one_full-97c650ae075063b375f558a776c570f8\">\n#top .flex_column.av-av_one_full-97c650ae075063b375f558a776c570f8{\nmargin-top:40px;\nmargin-bottom:40px;\n}\n.flex_column.av-av_one_full-97c650ae075063b375f558a776c570f8{\nborder-radius:0px 0px 0px 0px;\npadding:0px 0px 0px 0px;\n}\n.responsive #top #wrap_all .flex_column.av-av_one_full-97c650ae075063b375f558a776c570f8{\nmargin-top:40px;\nmargin-bottom:40px;\n}\n<\/style>\n<div  class='flex_column av-av_one_full-97c650ae075063b375f558a776c570f8 av_one_full  avia-builder-el-5  el_after_av_hr  el_before_av_social_share  first flex_column_div av-zero-column-padding  '     ><section  class='av_textblock_section av-av_textblock-2de302bf1aa3cf4c9157dbe6f50ac7eb '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/BlogPosting\" itemprop=\"blogPost\" ><div class='avia_textblock'  itemprop=\"text\" ><div><\/div>\n<div><\/div>\n<\/div><\/section><\/div>\r\n\r\n<div  class='av-social-sharing-box av-av_social_share-8644d330ffb238fff0cfa858c5295467 av-social-sharing-box-default  avia-builder-el-7  el_after_av_one_full  el_before_av_hr  av-social-sharing-box-fullwidth'><div class=\"av-share-box\"><h5 class='av-share-link-description av-no-toc '>Share<\/h5><ul class=\"av-share-box-list noLightbox\"><li class='av-share-link av-social-link-facebook' ><a target=\"_blank\" aria-label=\"Share on Facebook\" href=\"https:\/\/www.facebook.com\/sharer.php?u=https:\/\/andreas-wolter.com\/en\/security-session-sql-server-under-attack-this-november-sql-rally-amsterdam\/&#038;t=Security-Session%3A%20%E2%80%9CSQL%20Server%20under%20Attack%E2%80%9D%20this%20November%20%40%20SQL%20Rally%20Amsterdam\" aria-hidden=\"false\" data-av_icon=\"\ue8f3\" data-av_iconfont=\"entypo-fontello\" title=\"\" data-avia-related-tooltip=\"Share on Facebook\" rel=\"noopener\"><span class='avia_hidden_link_text'>Share on Facebook<\/span><\/a><\/li><li class='av-share-link av-social-link-twitter' ><a target=\"_blank\" aria-label=\"Share on Twitter\" href=\"https:\/\/twitter.com\/share?text=Security-Session%3A%20%E2%80%9CSQL%20Server%20under%20Attack%E2%80%9D%20this%20November%20%40%20SQL%20Rally%20Amsterdam&#038;url=https:\/\/andreas-wolter.com\/en\/?p=3468\" aria-hidden=\"false\" data-av_icon=\"\ue8f1\" data-av_iconfont=\"entypo-fontello\" title=\"\" data-avia-related-tooltip=\"Share on Twitter\" rel=\"noopener\"><span class='avia_hidden_link_text'>Share on Twitter<\/span><\/a><\/li><li class='av-share-link av-social-link-linkedin' ><a target=\"_blank\" aria-label=\"Share on LinkedIn\" href=\"https:\/\/linkedin.com\/shareArticle?mini=true&#038;title=Security-Session%3A%20%E2%80%9CSQL%20Server%20under%20Attack%E2%80%9D%20this%20November%20%40%20SQL%20Rally%20Amsterdam&#038;url=https:\/\/andreas-wolter.com\/en\/security-session-sql-server-under-attack-this-november-sql-rally-amsterdam\/\" aria-hidden=\"false\" data-av_icon=\"\ue8fc\" data-av_iconfont=\"entypo-fontello\" title=\"\" data-avia-related-tooltip=\"Share on LinkedIn\" rel=\"noopener\"><span class='avia_hidden_link_text'>Share on LinkedIn<\/span><\/a><\/li><\/ul><\/div><\/div>\r\n\r\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_hr-4474f20d2389e2e5ecf918a02da5132e\">\n#top .hr.hr-invisible.av-av_hr-4474f20d2389e2e5ecf918a02da5132e{\nheight:50px;\n}\n<\/style>\n<div  class='hr av-av_hr-4474f20d2389e2e5ecf918a02da5132e hr-invisible  avia-builder-el-8  el_after_av_social_share  el_before_av_comments_list '><span class='hr-inner '><span class=\"hr-inner-style\"><\/span><\/span><\/div>\r\n\r\n<div  class='av-buildercomment av-av_comments_list-88ce68e426f11248fa394058a3de040f  av-blog-meta-author-disabled av-blog-meta-html-info-disabled'><\/div>","protected":false},"excerpt":{"rendered":"Alright, this is going to be the by far most active year in terms of speaking at international conferences: After 6 conferences last year, including SQL Rally Nordic, which I really liked a lot, I had to decide between SQL Rally Nordic again or SQL Rally Amsterdam or even both.","protected":false},"author":4,"featured_media":3465,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[97,57,64],"tags":[260,244,228,27,245,232,233,246],"class_list":["post-3468","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-conferences-en","category-security-en","category-sqlpass-en","tag-hacking-en","tag-konferenz-en","tag-privilege-escalation-en","tag-security-en","tag-session-en","tag-sicherheit-en","tag-sql-injection-en","tag-vortrag-en"],"_links":{"self":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts\/3468","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/comments?post=3468"}],"version-history":[{"count":3,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts\/3468\/revisions"}],"predecessor-version":[{"id":3757,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/posts\/3468\/revisions\/3757"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/media\/3465"}],"wp:attachment":[{"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/media?parent=3468"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/categories?post=3468"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/andreas-wolter.com\/en\/wp-json\/wp\/v2\/tags?post=3468"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}