Ok, so that’s what has happened: attacker got into our infrastructure, used SQL Server’s misconfiguration, created himself an account and… Exactly! And what? This is the moment that we wonder what else could happen and if it is possible to trace back hacker’s activities in our systems. Yes it is! By performing several analysis we are able to get enough evidence of performed malicious actions. Come and see what does it mean to be hacked and that nothing can be completely hidden!