Video description
The internet is mostly web applications and most web applications are connected to a database. These databases store everything from usernames and passwords to credit card numbers, social security numbers, and tons of other sensitive or useful information. In many cases, the ability to compromise a database will soon lead to a much greater system or organization compromise.
This class is going to cover the basics of how databases work, identifying databases, hacking SQL database, and more modern NoSQL databases. We are going to cover what to do once you hack a database. Additionally, we will be discussing ways to protect your own applications from these attacks as we progress through the course.
Table of Contents
Chapter 1: Introduction and Setup
Course Overview
Lab Setup
Chapter 2: Introduction to Databases
Introduction to Databases
Database Management Demo
Chapter 3: Differences Between SQL and NoSQL Databases
Differences Between SQL and NoSQL Databases
Chapter 4: Pentest Cases for SQL and NoSQL
Introduction to SQL Injection
Database Reconnaissance and Port Scanning
Chapter 5: Exploiting Databases for Fun and Profit
Exploiting Databases for Fun and Profit – Part 1
Exploiting Databases for Fun and Profit – Part 2
Exploiting Databases for Fun and Profit – Part 3
Exploiting Databases for Fun and Profit – Part 4
Chapter 6: Privilege Escalation and Chaining Attacks
Modifying Stored Data to Gain Account Access
From Injection to Shell
Leveraging Dumped Data
Chapter 7: Database Vulnerability and Misconfiguration Mitigation Techniques
Database Vulnerability and Misconfiguration Mitigation Techniques
Chapter 8: Course Conclusion and Final Comments
Course Conclusion