Part 1: (un)Trustworthy Databases
https://blog.netspi.com/hacking-sql-server-stored-procedures-part-1-untrustworthy-databases
Part 2: User Impersonation
https://blog.netspi.com/hacking-sql-server-stored-procedures-part-2-user-impersonation
Part 3: SQL Injection
https://blog.netspi.com/hacking-sql-server-stored-procedures-part-3-sqli-and-user-impersonation
Part 4: Enumerating Domain Accounts
https://blog.netspi.com/hacking-sql-server-procedures-part-4-enumerating-domain-accounts