Database administrators, analytics experts, and data scientists get paid big bucks to help structure, manage, and provide access to data in various database types, and rightfully so. But even if an application doesn't use this technology, or an enterprise doesn't invest in these database types outright, I'd wager that they all have a database installed that is arguably more important to their inner workings right under their noses--credential databases. Anytime a customer is using Microsoft Active Directory (AD), one of the many flavors of Lightweight Directory Application Protocol (LDAP), or another identity management system (IMS), there is an underlying database that is just begging to be tested.
Credential database hacks can have varying objectives. The most straightforward ones look to find a legitimate user's account to allow...
