Detecting Malicious Activity: Unveiling the Secrets of MS-SQL Logging - Tristan Bennett

About this talk

This talk was recorded at NDC Security in Oslo, Norway.

Detecting attack tools and techniques in MS-SQL started as an activity that we expected to test and complete within a few hours. Little did we know the complexity in getting logging to work and then transforming those logs into useful detections. This talk will walk through the various phases of our research, culminating in a demonstration of an attack leveraging a number of different tools and techniques within MS-SQL.

A high-level overview of the presentation:

1. The problem we faced initially when attempting to detect attack tools and techniques being used within MS-SQL databases.
2. The configuration and documentation that we built out as part of our research.
3. The detections we crafted as a baseline to detect a number of tools and techniques.
4. An attack demonstration chaining a number of tools and techniques together.
5. Some of the challenges faced across the entire process.
6. Future items to work on as separate research pieces.
