- [Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement | Microsoft Security Blog](https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/)

SQLサーバから別のところに侵入するパターンで、SQLサーバ上でOSのコマンドを利用してるケースが増えている。
各SQLサーバでOSコマンドを実行する方法を知りたい。

| Type | How To | Status |
| --- | --- | --- |
| SQL Server | [`xp_cmdshell`](https://learn.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/xp-cmdshell-transact-sql?view=sql-server-ver16) | Disable by Default |
| MySQL | [`system (\!)`](https://dev.mysql.com/doc/mysql-shell/8.0/en/mysql-shell-commands.html) | Enable in Terminal |
| PostgreSQL | [`COPY`](https://www.postgresql.org/docs/current/sql-copy.html) | Require [pg_execute_server_program](https://www.postgresql.org/docs/current/predefined-roles.html) role |

## Related

- [Exploiting PostgreSQL Restore - Blog](https://jon-stewart.github.io/exploiting-postgresql-restore/)