Copyright © 2019, Oracle and/or its affiliates. All rights reserved. |
Honeypot Your Database
Georgi “Joro” Kodinov
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole discretion of Oracle.
Georgi “Joro” Kodinov, MySQL @ Oracle
• Server General Team Lead
• Works on MySQL since 2006
• Specializes in:
– Security
– Client/server protocol
– Performance monitoring
– Component infrastructure
• Loves history, diverse world cultures, technology
• A devoted Formula 1 fan (Go, Leclerc !)
A honeypot is a computer security
mechanism set to detect, deflect, or, in
some manner, counteract attempts at
unauthorized use of information
systems.
– Wikipedia
Honeypot Variant 1: Detect
Honeypot Variant 2: Deflect
Honeypot Variant 3: Counteract
Let’s Do Detect !
Practicalities
But First: Some Terminology !
The MySQL Server Architecture
[Architecture diagram; labelled boxes: Network, Query Processor, Plugin API, Plugins, Plugin Services, Storage Engine API, Storage Engine 1, Storage Engine 2]
Popular Plugin Types
Type | Purpose
Storage Engine API | Implements a database table
Audit API | Fires at various server events (e.g. a new login, a query start, a query end, etc.)
User Defined Functions | Implements SQL callable function in native language
Authentication | External authentication for MySQL
Daemon | Just init and deinit: no further calls
Introducing github.com/gkodinov/audit_tripwire
• An audit log plugin
• Listens on table access events
• If a non-DBA accesses a pre-defined “attractive” table
– Logs a special message for the DBA into the server error log
– Rejects all further commands until the DBA resets it
• Couple of lines of code
• Easily customizable
A Taste of Code
static int
audit_tripwire_notify(MYSQL_THD thd,
                      mysql_event_class_t event_class,
                      const void *event)
{
  /* if we're in panic mode stop all commands from non-supers */
  if (panic_mode_value && !is_super(thd))
    return TRUE;

  /* Check if the table (if specified) is accessed */
  if (event_class == MYSQL_AUDIT_TABLE_ACCESS_CLASS &&
      (audit_tripwire_table_value || audit_tripwire_db_value))
  {
    const struct mysql_event_table_access *table_access=
      (const struct mysql_event_table_access *)event;

    if (!is_super(thd))
    {
      /* check for a matching table name */
      if (audit_tripwire_table_value &&
          strncmp(table_access->table_name.str,
                  audit_tripwire_table_value,
                  table_access->table_name.length))
        return FALSE;

      /* check for a matching database name */
      if (audit_tripwire_db_value &&
          strncmp(table_access->table_database.str,
                  audit_tripwire_db_value,
                  table_access->table_database.length))
        return FALSE;

      /* table is accessed. Time to panic ! */
      my_plugin_log_message(&plugin, MY_WARNING_LEVEL,
                            "Tripwire table `%s`.`%s` accessed from "
                            "connection id %d. Switching to panic mode",
                            …);
      panic_mode_value= TRUE;
      return TRUE;
    }
  }
  return FALSE;
}
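The decision logic of the notify callback above, modelled outside the server as an added example (not the plugin's own code): the types, `tripwire_notify`, `make_event` and both matcher functions are stand-ins written for this illustration. It also shows that a comparison bounded by the accessed name's length, as on the slide, treats a shorter name that is a prefix of the configured one as a hit, and contrasts it with an exact comparison.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-ins for the server's types (hypothetical, for illustration only). */
typedef struct { const char *str; size_t length; } lex_cstring;
typedef struct { lex_cstring table_database, table_name; } table_access_event;
enum event_kind { EV_COMMAND_START, EV_TABLE_ACCESS };

/* Mirrors audit_tripwire_db, audit_tripwire_table, audit_tripwire_panic_mode. */
typedef struct {
    const char *tripwire_db;
    const char *tripwire_table;
    bool panic_mode;
} tripwire_state;

typedef bool (*name_matcher)(const lex_cstring *accessed, const char *configured);

/* Comparison as on the slide: bounded by the accessed name's length, so an
   accessed "sal" compares equal to a configured "salaries". */
static bool matches_as_on_slide(const lex_cstring *accessed, const char *configured)
{
    return strncmp(accessed->str, configured, accessed->length) == 0;
}

/* Exact comparison: lengths must agree before the bytes are compared. */
static bool matches_exact(const lex_cstring *accessed, const char *configured)
{
    size_t n = strlen(configured);
    return accessed->length == n && memcmp(accessed->str, configured, n) == 0;
}

/* Returns true when the statement should be aborted (the callback's TRUE). */
static bool tripwire_notify(tripwire_state *st, bool is_super, enum event_kind kind,
                            const table_access_event *ev, name_matcher match)
{
    /* Panic mode: every command from a non-super session is rejected. */
    if (st->panic_mode && !is_super)
        return true;
    /* Only table-access events from non-super sessions can trip the wire. */
    if (kind != EV_TABLE_ACCESS || is_super)
        return false;
    if (!st->tripwire_table && !st->tripwire_db)
        return false;
    if (st->tripwire_table && !match(&ev->table_name, st->tripwire_table))
        return false;
    if (st->tripwire_db && !match(&ev->table_database, st->tripwire_db))
        return false;
    st->panic_mode = true;  /* stays set until the DBA resets it */
    return true;
}

/* Builds a constructed table-access event for the given names. */
static table_access_event make_event(const char *db, const char *table)
{
    table_access_event ev = { { db, strlen(db) }, { table, strlen(table) } };
    return ev;
}

int main(void)
{
    /* Constructed events: the decoy table and a shorter name in the same schema. */
    table_access_event decoy = make_event("hr", "salaries");
    table_access_event shorter = make_event("hr", "sal");

    tripwire_state exact = { "hr", "salaries", false };
    printf("exact, hr.sal aborted:      %d\n",
           tripwire_notify(&exact, false, EV_TABLE_ACCESS, &shorter, matches_exact));
    printf("exact, hr.salaries aborted: %d\n",
           tripwire_notify(&exact, false, EV_TABLE_ACCESS, &decoy, matches_exact));
    printf("exact, next command aborted: %d\n",
           tripwire_notify(&exact, false, EV_COMMAND_START, NULL, matches_exact));

    tripwire_state slide = { "hr", "salaries", false };
    printf("slide, hr.sal aborted:      %d\n",
           tripwire_notify(&slide, false, EV_TABLE_ACCESS, &shorter, matches_as_on_slide));
    return 0;
}
```

With the slide's comparison, a legitimate table whose name is a prefix of the decoy's would put the server into panic mode, so the exact comparison is the safer choice when decoy names are picked to blend in with real ones.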
Compile
• Put the files in plugin/audit_tripwire of a source distro or a git tree
• Compile the source distro
• See http://dev.mysql.com/doc/refman/5.7/en/compiling-plugin-libraries.html for more details
Set audit_tripwire Up
• CREATE DATABASE hr;
• CREATE TABLE hr.salaries(person varchar(100), salary integer);
• GRANT ALL PRIVILEGES on hr.* to ''@'localhost';
• INSTALL PLUGIN audit_tripwire SONAME 'audit_tripwire.dll';
• SET GLOBAL audit_tripwire_table='salaries';
• SET GLOBAL audit_tripwire_db='hr';
The Lateral Movement (as haxor@localhost)
mysql> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| hr |
+--------------------+
2 rows in set (0.00 sec)
The Lateral Movement (as haxor@localhost)
mysql> use hr;
Database changed
mysql> show tables;
+--------------+
| Tables_in_hr |
+--------------+
| salaries |
+--------------+
1 row in set (0.00 sec)
The Lateral Movement (as haxor@localhost)
mysql> show create table salaries\G
*************************** 1. row ***************************
Table: salaries
Create Table: CREATE TABLE `salaries` (
`person` varchar(100) DEFAULT NULL,
`salary` int(11) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1
1 row in set (0.00 sec)
Mmmmmmm !?!
The Trespassing (as haxor@localhost)
mysql> select * from salaries limit 10;
ERROR 3164 (HY000): Aborted by Audit API ('MYSQL_AUDIT_TABLE_ACCESS_READ';1).
mysql> select 1;
ERROR 3164 (HY000): Aborted by Audit API ('MYSQL_AUDIT_COMMAND_START';1).
Server’s console/error log:
2019-09-20T15:30:31.285577Z 14 [Warning] Plugin audit_tripwire reported: 'Tripwire table `hr`.`salaries` accessed from connection id 14. Switching to panic mode'
Buuuuzzzzzz !
Defusing (as root@localhost)
mysql> set global audit_tripwire_panic_mode=0;
Query OK, 0 rows affected (0.00 sec)
Questions ?
2019 indit blackhat_honeypot your database server

Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
Project Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanationProject Based Learning (A.I).pptx detail explanation
Project Based Learning (A.I).pptx detail explanation
 
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdfLearn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
Learn the Fundamentals of XCUITest Framework_ A Beginner's Guide.pdf
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 

2019 indit blackhat_honeypot your database server

  • 1. Honeypot Your Database. Georgi “Joro” Kodinov. Copyright © 2019, Oracle and/or its affiliates. All rights reserved.
  • 2. Safe Harbor Statement: The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  • 3. Georgi “Joro” Kodinov, MySQL @ Oracle
      • Server General Team Lead
      • Works on MySQL since 2006
      • Specializes in:
          – Security
          – Client/server protocol
          – Performance monitoring
          – Component infrastructure
      • Loves history, diverse world cultures, technology
      • A devoted Formula 1 fan (Go, Leclerc !)
  • 4. A honeypot is a computer security mechanism set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of information systems. – Wikipedia
  • 5. Honeypot Variant 1: Detect
  • 6. Honeypot Variant 2: Deflect
  • 7. Honeypot Variant 3: Counteract
  • 8. Let’s Do Detect !
  • 9. Practicalities
  • 10. But First: Some Terminology !
  • 11. The MySQL Server Architecture (diagram; components shown: Network, Query Processor, Plugin API, Plugin Services, Plugins, Storage Engine API, Storage Engine1, Storage Engine2)
  • 12. Popular Plugin Types

      Type                   | Purpose
      -----------------------+-------------------------------------------------------------------------------------
      Storage Engine API     | Implements a database table
      Audit API              | Fires at various server events (e.g. a new login, a query start, a query end, etc)
      User Defined Functions | Implements SQL callable function in native language
      Authentication         | External authentication for MySQL
      Daemon                 | Just init and deinit: no further calls
  • 13. Introducing github.com/gkodinov/audit_tripwire
      • An audit log plugin
      • Listens on table access events
      • If a non-DBA accesses a pre-defined “attractive” table
          – Logs a special message for the DBA into the server error log
          – Rejects all further commands until the DBA resets it
      • Couple of lines of code
      • Easily customizable
  • 14. A Taste of Code

      static int audit_tripwire_notify(MYSQL_THD thd,
                                       mysql_event_class_t event_class,
                                       const void *event)
      {
        /* if we're in panic mode stop all commands from non-supers */
        if (panic_mode_value && !is_super(thd))
          return TRUE;

        /* Check if the table (if specified) is accessed */
        if (event_class == MYSQL_AUDIT_TABLE_ACCESS_CLASS &&
            (audit_tripwire_table_value || audit_tripwire_db_value))
        {
          const struct mysql_event_table_access *table_access=
            (const struct mysql_event_table_access *)event;

          if (!is_super(thd))
          {
            /* check for a matching table name */
            if (audit_tripwire_table_value &&
                strncmp(table_access->table_name.str,
                        audit_tripwire_table_value,
                        table_access->table_name.length))
              return FALSE;

            /* check for a matching database name */
            if (audit_tripwire_db_value &&
                strncmp(table_access->table_database.str,
                        audit_tripwire_db_value,
                        table_access->table_database.length))
              return FALSE;

            /* table is accessed. Time to panic ! */
            my_plugin_log_message(&plugin, MY_WARNING_LEVEL,
                                  "Tripwire table `%s`.`%s` accessed from "
                                  "connection id %d. Switching to panic mode",…) );
            panic_mode_value= TRUE;
            return TRUE;
          }
        }
        return FALSE;
      }
  • 15. Compile
      • Put the files in plugin/audit_tripwire of a source distro or a git tree
      • Compile the source distro
      • http://dev.mysql.com/doc/refman/5.7/en/compiling-plugin-libraries.html for more details
  • 16. Set audit_tripwire Up
      • CREATE DATABASE hr;
      • CREATE TABLE hr.salaries(person varchar(100), salary integer);
      • GRANT ALL PRIVILEGES on hr.* to ''@'localhost';
      • INSTALL PLUGIN audit_tripwire SONAME 'audit_tripwire.dll';
      • SET GLOBAL audit_tripwire_table='salaries';
      • SET GLOBAL audit_tripwire_db='hr';
  • 17. The Lateral Movement (as haxor@localhost)

      mysql> show databases;
      +--------------------+
      | Database           |
      +--------------------+
      | information_schema |
      | hr                 |
      +--------------------+
      2 rows in set (0.00 sec)

  • 18. The Lateral Movement (as haxor@localhost)

      mysql> use hr;
      Database changed
      mysql> show tables;
      +--------------+
      | Tables_in_hr |
      +--------------+
      | salaries     |
      +--------------+
      1 row in set (0.00 sec)

  • 19. The Lateral Movement (as haxor@localhost)

      mysql> show create table salaries\G
      *************************** 1. row ***************************
             Table: salaries
      Create Table: CREATE TABLE `salaries` (
        `person` varchar(100) DEFAULT NULL,
        `salary` int(11) DEFAULT NULL
      ) ENGINE=InnoDB DEFAULT CHARSET=latin1
      1 row in set (0.00 sec)
  • 20. Mmmmmmm !?!
  • 21. The Trespassing (as haxor@localhost)

      mysql> select * from salaries limit 10;
      ERROR 3164 (HY000): Aborted by Audit API ('MYSQL_AUDIT_TABLE_ACCESS_READ';1).
      mysql> select 1;
      ERROR 3164 (HY000): Aborted by Audit API ('MYSQL_AUDIT_COMMAND_START';1).

      Server’s console/error log:
      2019-09-20T15:30:31.285577Z 14 [Warning] Plugin audit_tripwire reported: 'Tripwire table `hr`.`salaries` accessed from connection id 14. Switching to panic mode'

  • 22. Buuuuzzzzzz !
  • 23. Defusing (as root@localhost)

      mysql> set global audit_tripwire_panic_mode=0;
      Query OK, 0 rows affected (0.00 sec)

  • 24. Questions ?
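
The matching and latching logic from the “A Taste of Code” slide, modelled as a stand-alone C program; this is an added example, not code from the audit_tripwire repository. `name_t`, `match_fn`, `tripwire_t`, `on_table_access`, `trips` and both matcher names are assumptions made here. It shows that a `strncmp` bounded by the accessed name's length also trips on a name that is only a prefix of the configured one, next to a length-exact comparison that does not.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the server's length-counted name strings. */
typedef struct { const char *str; size_t length; } name_t;
typedef bool (*match_fn)(name_t accessed, const char *configured);

/* Slide's comparison: bounded by the ACCESSED name's length, so an accessed
   name that is a prefix of the configured one (or empty) compares equal. */
static bool slide_match(name_t a, const char *configured)
{ return strncmp(a.str, configured, a.length) == 0; }

/* Length-exact variant: lengths must agree before the bytes are compared. */
static bool exact_match(name_t a, const char *configured)
{ return a.length == strlen(configured) && memcmp(a.str, configured, a.length) == 0; }

typedef struct {
  const char *db, *table;  /* audit_tripwire_db, audit_tripwire_table */
  bool panic;              /* audit_tripwire_panic_mode */
  match_fn match;
} tripwire_t;

/* Model of the notify callback for one table-access event.
   Returns true when the command must be aborted. */
static bool on_table_access(tripwire_t *tw, bool is_super, name_t db, name_t table)
{
  if (tw->panic && !is_super) return true;              /* latched: reject non-supers */
  if (is_super || (!tw->table && !tw->db)) return false;
  if (tw->table && !tw->match(table, tw->table)) return false;
  if (tw->db && !tw->match(db, tw->db)) return false;
  tw->panic = true;                                      /* trip and stay tripped */
  return true;
}

/* One non-super access against a fresh tripwire configured for hr.salaries. */
static bool trips(match_fn match, const char *db, const char *table)
{
  tripwire_t tw = { "hr", "salaries", false, match };
  name_t d = { db, strlen(db) }, t = { table, strlen(table) };
  return on_table_access(&tw, false, d, t);
}

int main(void)
{
  printf("hr.sal      slide=%d exact=%d\n", trips(slide_match, "hr", "sal"), trips(exact_match, "hr", "sal"));
  printf("hr.salaries slide=%d exact=%d\n", trips(slide_match, "hr", "salaries"), trips(exact_match, "hr", "salaries"));
  return 0;
}
```

Because panic mode rejects every non-super command until it is reset, a false trip locks out all ordinary users, which is why the exactness of the match matters operationally.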