The access to this course is restricted to Hakin9 Premium or IT Pack Premium Subscription
We will also lay down the general and core concepts for understanding the databases, like how they work, why they are used and what are the known vulnerabilities or weaknesses to exploit and gain illegitimate access. Microsoft SQL Server and MYSQL server are the two main database servers we will be discussing. However, we will also cover general hacking tricks that can be used in order to hack into any backend database servers. We will consider if live hacking sessions are possible in a live environment which can be shown so that PoC is presented. However, we will cover home lab setup so students can build at home to practice the hacking skills taught in this course. We will also cover Structured Query Language (SQL) which plays a key role for security researchers and in our experiences a security professional or researchers is not considered expert if he or she doesn’t have any solid experience with databases and SQL.
You should know
We expect that students have prior knowledge of at least beginner level for the following topics in order to get the most out of this course.
Microsoft Windows Experience
Understands core concepts of TCP/IP
Beginner level experience with MYSQL Server
Beginner level experience with MS SQL Server
Beginner level experience with SQL Statement
You will learn
Knowledge on different database servers
Methods of hacking into database servers
Basic SQL Injections
Advanced SQL Injections
Tools for database hacking
This course is designed in order to provide broader aspects of how someone can hack into backend databases and can own the underlying operating system, steal confidential information or can compromise web applications. At a minimum, you will learn much about different database types and how to compromise them or at least learn different methods of hacking attempts.
Who should take this course?
This would be a good start for people who have basic database knowledge and have some concepts of how web applications work but doesn’t have mandatory knowledge or any experience in ethical hacking or penetration testing.
Information Security Officers
New Graduates in IT
Newbies, who want to learn hacking
What Students should bring
One PC, which can run 2-3 Virtual Machines
Guided Lab development will be covered in the workshop
The course is self-paced – you can visit the training whenever you want and your content will be there.
Once you’re in, you keep access forever, even when you finish the course.
There are no deadlines, except for the ones you set for yourself.
Tutorial 1 – Case Study on Manually Hacking Web Applications
Tutorial 2 – Quick Walkthrough on Blind SQL Injection Attack
Walkthrough on Compromising Backend Database with SQLi Attack Advanced SQLi Attack
What you should know to Advance your Database Hacking Skills
Tutorial 1 – Knowledge Base
Home Lab – Windows Server 2008 & MS SQL Server 2008
Tutorial 2 – Vulnerable Web Application Setup
Home Lab – IIS Server, Database Creation, Run The Web Tool: Hacking MYSQL & MS SQL Server with SQLMAP
Raheel Ahmad is an information security professional and an experienced instructor and penetration tester with a computer graduate degree and holds 10 years of professional experience working for Big4 and boutique consulting companies. He holds industry recognized certifications including CISSP, CEH, CEI, MCP, MCT, CobIT, and CRISC. Raheel is a founder of 26SecureLabs, a management consulting company based in Auckland, New Zealand. 26SecureLabs provides ethical hacking and penetration testing services as its core business. Best way to [email protected]