Confused deputy problem for databases: a method for privilege escalation in MariaDB
Operating systems have had confused-deputy-based privilege escalations for ages. But does the problem exist in a database? In the session I will demonstrate a number of cases where a simple select can be used to escalate privileges inside the MariaDB database.
Alexander Rubin, Amazon Web Services
Alexander is a Principal Security Engineer at Amazon Web Services (AWS), leading the RDS Red Team.
Alexander worked as a MySQL principal consultant/architect for over 15 years, starting with MySQL AB (the company behind the MySQL database) in 2006, followed by Sun Microsystems, Oracle and then Percona. His interest in security pentesting and red teaming started with playing CTFs and performing open-source security research. Alexander leads the RDS (relational database as a service) Red Team at Amazon Web Services.