The courses below were all published in 2015 or earlier. While we stand by publishing them then, we’ve grown so much since. We recognize that these workshops don’t exactly meet our standards, as we understand them today.
All classes are available within our premium membership, and have adjusted CPE awards to reflect their respective contents. If you join, please keep in mind that some of the information inside might be outdated or not relevant. We’ll be adding notes at the beginning of each course to let you know what’s worth checking out in each!
Access to this course is restricted to Hakin9 Premium or IT Pack Premium Subscription.
We will also lay down the general and core concepts for understanding databases: how they work, why they are used, and which known vulnerabilities or weaknesses can be exploited to gain illegitimate access. Microsoft SQL Server and MySQL Server are the two main database servers we will be discussing. However, we will also cover general hacking tricks that can be used to hack into any backend database server. We will consider whether live hacking sessions are possible in a live environment so that a PoC can be presented. However, we will cover a home lab setup that students can build at home to practice the hacking skills taught in this course. We will also cover Structured Query Language (SQL), which plays a key role for security researchers; in our experience, a security professional or researcher is not considered an expert without solid experience with databases and SQL.
Certificate of completion, 1 CPE credit
You should know
We expect that students have prior knowledge of at least beginner level for the following topics in order to get the most out of this course.
- Microsoft Windows Experience
- Understands core concepts of TCP/IP
- Beginner level experience with MySQL Server
- Beginner level experience with MS SQL Server
- Beginner level experience with SQL statements
You will learn
- Knowledge of different database servers
- Methods of hacking into database servers
- SQL Statements
- Basic SQL Injections
- Advanced SQL Injections
- Tools for database hacking
This course is designed to give a broad view of how someone can hack into backend databases and then own the underlying operating system, steal confidential information, or compromise web applications. At a minimum, you will learn much about different database types and how to compromise them, or at least learn different methods of hacking attempts.
Who should take this course?
This would be a good start for people who have basic database knowledge and some concept of how web applications work but don’t have knowledge of or experience in ethical hacking or penetration testing.
- Network Administrators
- Information Security Officers
- New Graduates in IT
- Newbies who want to learn hacking
What Students should bring
- Internet connection
- One PC, which can run 2-3 Virtual Machines
- Guided Lab development will be covered in the workshop
- The course is self-paced – you can visit the training whenever you want and your content will be there.
- Once you’re in, you keep access forever, even when you finish the course.
- There are no deadlines, except for the ones you set for yourself.
Understanding Database Core Concepts
- Tutorial 1: Hello World! Let’s try UDCC
- Example 1
SQL Statements with Injection Techniques
- Tutorial 1 – Introduction to SQL Statements
- Examples 1 - 4: SQLi
- Exercise 1 – Executing SQL Statements
- Tutorial 2 – SQL Injections
- Exercise 2 – Authentication Bypass Attack
Walkthrough on Hacking Databases
- Tutorial 1 – Case Study on Manually Hacking Web Applications
- Tutorial 2 – Quick Walkthrough on Blind SQL Injection Attack
- Walkthrough on Compromising Backend Database with SQLi Attack
- Advanced SQLi Attack
What you should know to Advance your Database Hacking Skills
- Tutorial 1 – Knowledge Base
- Home Lab – Windows Server 2008 & MS SQL Server 2008
- Tutorial 2 – Vulnerable Web Application Setup
- Home Lab – IIS Server, Database Creation, Run The Web Tool: Hacking MySQL & MS SQL Server with SQLMAP
Raheel Ahmad is an information security professional and an experienced instructor and penetration tester with a computer graduate degree and 10 years of professional experience working for Big4 and boutique consulting companies. He holds industry-recognized certifications including CISSP, CEH, CEI, MCP, MCT, CobIT, and CRISC. Raheel is a founder of 26SecureLabs, a management consulting company based in Auckland, New Zealand. 26SecureLabs provides ethical hacking and penetration testing services as its core business. Best way to reach [email protected]