Overview
Learn about an innovative MySQL honeypot system, presented in a DEF CON conference talk, that actively counterattacks malicious actors. Explore how researchers leveraged multiple CVEs, including CVE-2023-21980 and CVE-2024-21096, to create a defensive system that executes remote code on attacking clients. Discover the implementation of a three-vulnerability chain that combines arbitrary file read capabilities with two remote code execution vulnerabilities in MySQL and the mysqldump utility. Gain insight into how this atomic honeypot successfully identified new attack vectors against MySQL servers while enabling researchers to analyze attacker code and launch counteroffensive measures against malicious actors attempting to compromise MySQL systems.
Syllabus
DEF CON 32 - Atomic Honeypot-A MySQL Honeypot That Drops Shells - Alexander Rubin, Martin Rakhmanov
Taught by
DEFCONConference