[Boogieman]

“Executing a command under the context of that account, whether through a batch file, an application, or SSMS isn’t elevating your privileges - it’s what you had when you logged onto that account.”

Yes, but batch files can be scheduled to run later, when you may not have elevated privileges anymore, so it’s an exploit you can use for various purposes when combined with that.

Similar to the old method used by the “Cuckoo’s Nest” hacker, if you ever read that book.

[Technical]

I'm reluctant to explain this again today, because I went around on this topic yesterday.

Also, the BAIT to get people to this conference was packet captures proving Chinese interference. Now we are SWITCHing the topic to talk about whether batch files can hack SQL Server.

They can't. Let's use your example, my AD account is CORP\joe. I'm dbo on a database. I create a batch file job in Task Scheduler (why would I ever do this??? Database maintenance jobs run in SQL Agent). I get demoted, and my CORP\joe creds are lowered (or elevated, you pick). When my nonsensical scheduled task runs under the context of CORP\joe, the permissions I have to the DB in this moment are applied, not when the job was created.

If you think database permissions are that unsophisticated, there isn't anything I can say to you that will register.