Database honeypot by design
qqlan
1. Vote
2. Vote
3. Database honeypot by design @GiftsUngiven @cyberpunkych
4. Pre-history
5.
6.
7.
8. bla bla bla
9. Data analysis: Bro, don't forget to put on your glasses, the hacker truth comes next
10. Data analysis #1: client request
    LOAD DATA LOCAL INFILE "C:\\Windows\\system32\\drivers\\etc\\hosts" INTO TABLE mysql.test
11. Data analysis #2: server response
12. Data analysis #3: client answer
13. Data analysis #?: What if we skip the client request and just send the server response to get a file for any request?
14. Data analysis #?
15. Data analysis #!
    1 – client sends a 'select' query request
    2 – server sends the response 'I want a file'
    3 – client sends the file content
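The exchange on slides 10 to 15, seen from the detection side, as an added example (not code from the slides or their authors): it checks a captured query/response pair and flags a server file request (first payload byte 0xFB) that does not match a LOAD DATA LOCAL INFILE statement the client actually sent. The function names, verdict strings and sample captures are assumptions constructed for illustration, and COM_QUERY is assumed to carry no query attributes.

```python
import re

COM_QUERY = 0x03             # first payload byte of a client text query
LOCAL_INFILE_REQUEST = 0xFB  # first payload byte of the server's "send me this file"

# File name inside a genuine LOAD DATA LOCAL INFILE statement.
_LOAD_LOCAL = re.compile(
    r"""^\s*LOAD\s+DATA\s+(?:LOW_PRIORITY\s+|CONCURRENT\s+)?LOCAL\s+INFILE\s+(['"])(.*?)\1""",
    re.IGNORECASE | re.DOTALL)


def packet(seq: int, payload: bytes) -> bytes:
    """Frame a payload: 3-byte little-endian length, 1-byte sequence id."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


def first_payload(stream: bytes) -> bytes:
    """Return the payload of the first MySQL packet in a captured stream."""
    if len(stream) < 4:
        raise ValueError("short packet header")
    length = int.from_bytes(stream[:3], "little")
    payload = stream[4:4 + length]
    if len(payload) != length:
        raise ValueError("truncated packet")
    return payload


def check_exchange(client_stream: bytes, server_stream: bytes) -> str:
    """Classify one query/response pair seen on the wire."""
    query, reply = first_payload(client_stream), first_payload(server_stream)
    if not reply or reply[0] != LOCAL_INFILE_REQUEST:
        return "no-file-request"
    requested = reply[1:].decode("utf-8", "replace")
    if not query or query[0] != COM_QUERY:
        return "unsolicited-file-request"
    m = _LOAD_LOCAL.match(query[1:].decode("utf-8", "replace"))
    if m is None:
        return "unsolicited-file-request"   # slide 15: a plain SELECT answered with 0xFB
    named = re.sub(r"\\(.)", r"\1", m.group(2))  # undo SQL backslash escapes
    return "ok" if named == requested else "file-mismatch"


# Constructed captures (not taken from the slides' screenshots).
HOSTS = rb"C:\Windows\system32\drivers\etc\hosts"
LOAD_Q = packet(0, b"\x03" + rb'LOAD DATA LOCAL INFILE "C:\\Windows\\system32\\drivers\\etc\\hosts" INTO TABLE mysql.test')
SELECT_Q = packet(0, b"\x03select @@version")
FILE_REQ = packet(1, b"\xfb" + HOSTS)
OTHER_REQ = packet(1, b"\xfb" + rb"C:\other\file.txt")
RESULTSET = packet(1, b"\x01")   # column-count packet of a normal result set

if __name__ == "__main__":
    for name, c, s in [("load/legit", LOAD_Q, FILE_REQ),
                       ("select/0xFB", SELECT_Q, FILE_REQ),
                       ("load/other file", LOAD_Q, OTHER_REQ),
                       ("select/rows", SELECT_Q, RESULTSET)]:
        print(f"{name:16} -> {check_exchange(c, s)}")
```

On the client side, the same risk is removed by leaving LOCAL INFILE disabled unless an import needs it, for example `--local-infile=0` in the mysql command-line client.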
16. Profit!
    - a little bit of scripting language to automate the process
    - a lot of fun
17. Remember me? Now you know what to do!
18. Honeypot? Want to hack my mysql? Okay… I will exchange your requests for your files. Please, run ‘msfconsole’ under root.
19. Whhyyyyyy?
20. Good guy Ares
    We: MiTM?
    Ares: No problems! http://intercepter.nerf.ru/
21. Good guy Ares
22. Is it vulnerable?
23. Thanks. Questions?