Hey! Your database got pwned

Presented at Blue Team Con 2022, Aug. 27, 2022, 4:10 p.m. (30 minutes)

A data breach is an organization's worst nightmare. Your databases can be used as a pivot to infiltrate the organization or may be the target to exfiltrate sensitive data. In this talk we will explore different exploitation techniques used by attackers to attack databases. We will dive into practical real life examples captured by our honeypots around the world and present advanced detection approach to identify attacks such as: ransom and crypto mining campaigns, malware deployment, distributed brute-force attacks, evasion techniques and slow & low exfiltration.

Presenters:

• Sarit Yerushalmi - Security Researcher, Imperva
  Security researcher at Imperva for the last 10 years. Experienced with security research in the areas of web application, cloud and API. Developer at heart. B.Sc. in Computer Science.

Similar Presentations:

• A New HOPE (2022) / Combating "Ransom-War:" Evolving Landscape of Ransomware Infections in Cloud Databases
• Kernelcon 2022 / Hey! Your database got pwned