An important step on a red team engagement is collecting sensitive information. By demonstrating what kind of data a hacker could have access to, your client can better understand the impact of a real cyber-attack. In this course, Collection with PowerUpSQL, you will cover one of the most important tools for exploiting Microsoft SQL databases, the PowerUpSQL framework. First, you will learn how to get access to the database by discovering weak credentials in your target. Next, you will explore how to find and collect sensitive data in the database, including credit card information and stored passwords. Finally, you will see how to simulate a malicious attack of modifying stored data, hiding your tracks, and deleting entire tables. When you are finished with this course, you will have the skills and knowledge of PowerUpSQL needed to collect sensitive data from your target Microsoft SQL databases and cover four important tactics from the MITRE ATT&CK framework: Valid Accounts (T1078), Data from Local System (T1005), Stored Data Manipulation (T1492) and Data Destruction (T1485).
Author Name: Ricardo Reimao
Author Description:
Ricardo is a Cybersecurity Consultant based in Toronto (Canada). He has 14+ years of IT experience, 10 of them in the IT Security field. His main interests are: SIEM solutions (IBM QRadar), Enterprise Security Risk, Penetration Testing, Security processes/procedures and Network Security.

Table of Contents

• Course Overview
  1min
• Collecting Sensitive Data with PowerUpSQL
  22mins
• Resources
  2mins