BSidesLV 2017 has ended
Wednesday, July 26 • 10:00 - 10:55
Why is China all up in my SQL server?

Starting early in 2017, the honeypots I run in my lab began to receive a strangely large volume of inbound SQL connections from all over Asia, but mainly from China. Fortunately, I am recording the traffic of virtually everything that hits my dirty network, and discovered that the attacks appear to be automated, run at high volumes, and engage in a sophisticated and complex attempt to break into Microsoft SQL Server. In this presentation, I will provide a full walkthrough of the attack, detailing the methods in use and countermeasures you can employ to protect your server. I'll also provide historical and reputational context about the attackers' originating IP addresses and the other dirty stuff coming from those addresses. And let me tell you, it's pretty dirty.

Andrew Brandt

Director of Threat Research, Symantec
Andrew Brandt is a network forensics and incident response nerd who loves running malware just to watch machines die. In his spare time he builds retro videogame platforms and rides mountain bikes, preferably in the dead of night. If you meet in person, talk to him about new musi...

Wednesday July 26, 2017 10:00 - 10:55 PDT
Underground (Florentine E) 255 E Flamingo Rd, Las Vegas, NV 89169