Be it a malicious insider or stolen credentials: once an attacker can run queries against a database, it comes down to the level of access. Depending on the actual permissions and configuration, there are many things the attacker can attempt to gain access to the data.
In this session, Andreas Wolter, former Program Manager for SQL security access control at Microsoft and Ralf Dietrich a veteran in system forensics will play a live battle of DBA vs attacker: in multiple rounds they will demonstrate common weaknesses and potential paths to privilege escalation, how an attacker can exploit them and how they can be fixed. While the focus is on permissions, we will also highlight complementary security controls such as auditing.
Expect an entertaining and demo-focused session and lots of valuable information from the field.