Learn about an innovative MySQL honeypot system presented at DEF CON that actively counterattacks malicious actors through a conference talk. Explore how researchers leveraged multiple CVEs, including CVE-2023-21980 and CVE-2024-21096, to create a defensive system that executes remote code on attacking clients. Discover the implementation of a three-vulnerability chain combining arbitrary file read capabilities with two remote code execution vulnerabilities in MySQL and mysqldump utility. Gain insights into how this atomic honeypot successfully identified new attack vectors against MySQL servers, while enabling researchers to analyze attacker code and launch counteroffensive measures against malicious actors attempting to compromise MySQL systems.
Atomic Honeypot - A MySQL Honeypot That Drops Shells
Overview
Syllabus
DEF CON 32 - Atomic Honeypot-A MySQL Honeypot That Drops Shells - Alexander Rubin, Martin Rakhmanov
Taught by
DEFCONConference
Related Courses
-
How MySQL Servers Can Attack YOU
-
Outlook Unleashing RCE Chaos: Exploiting CVE-2024-30103
-
Exploiting the Unexploitable - Advanced JavaScript Vulnerability Chains in Kibana
-
Terminally Owned - 60 Years of Terminal Escape Code Vulnerabilities
-
Reverse Engineering and Hacking Ecovacs Robots - Security Vulnerabilities and Privacy Concerns
-
SQL Injection Isn't Dead: Smuggling Queries at the Protocol Level
