Stealing the credentials of a security principal with the intent of elevating your allowed permissions is known as identity spoofing. There are various ways that an attacker may attempt to steal credentials. This chapter discusses some of those methods, as well as countermeasures that you can put in place to mitigate the risk.
Protecting the sa Account
Although it has long been best practice to use Windows authentication rather than mixed mode authentication, which allows authentication using both Windows authentication and SQL authentication, the majority of corporate instances (in my experience) are still ...
