Tag
high
advisory
Windows SQL Server xp_cmdshell Configuration Change Detected
2 rules 1 TTPDetection of changes to the xp_cmdshell configuration in SQL Server, a feature often abused by attackers for privilege escalation and lateral movement by enabling execution of operating system commands.
SQL Server +3
sql_server
xp_cmdshell
privilege_escalation
lateral_movement
windows
2r
1t
medium
threat
MSSQL xp_cmdshell Stored Procedure Abuse for Persistence
2 rules 2 TTPsAttackers may leverage the xp_cmdshell stored procedure in Microsoft SQL Server to execute arbitrary commands for privilege escalation and persistence, often bypassing default security configurations.
SQL Server
persistence
sql-server
xp_cmdshell
windows
2r
2t