SlideShare a Scribd company logo

Cruel (SQL) Intentions

Download as PPTX, PDF
E
ezra_c

The document analyzes SQL injection attacks from data collected from Akamai's platform protecting over 167,000 servers. It shows that over 59% of SQL injections were for probing and testing, while over 23% were for credential theft. The summary at the end states that malicious actors use a variety of techniques in SQL injections, including data exfiltration, privilege escalation, executing commands, infecting or corrupting data, and denial of service.

Technology
1 of 18
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Cruel (SQL) Intentions - An analysis of malicious intentions behind real world SQL injection attacks Ezra Caltum – Sr. Security Researcher Akamai Mysql> SELECT title FROM talk; Mysql> SELECT author FROM talk;
• The Platform • 167,000+ Servers • 2,300+ Locations • 750+ Cities • 92 Countries • 1,227+ Networks • The Data • 2 trillion hits per day • 780 million unique IPv4 addresses seen quarterly • 13+ trillion log lines per day • 260+ terabytes of compressed daily logs 15 - 30% of all web traffic
Mysql> SELECT COUNT(DISTINCT days) FROM research_data; +-------+ | days | +-------+ | 7 | +-------+
Mysql> SELECT COUNT(DISTINCT apps) FROM research_data; +-------+ | apps | +-------+ | 2000 | +-------+
Mysql> SELECT COUNT(DISTINCT injections) FROM research_data; +--------------+ | injections | +--------------+ | 8,425,489 | +--------------+
Mysql> SELECT COUNT(DISTINCT injections) as injections, COUNT(DISTINCT injections)/8425489 as percentage FROM research_data WHERE category = 'SQL INJECTION PROBING AND INJECTION TESTING'; +------------+-----------------------+ |injections | percentage | +------------+-----------------------+ | 5,021,240 | 59.59% | +------------+-----------------------+
Mysql> SELECT COUNT(DISTINCT injections) as injections, COUNT(DISTINCT injections)/8425489 as percentage, COUNT(DISTINCT injections)/3406249 as norm_perc FROM research_data WHERE category = 'ENVIROMENT PROBING AND TESTING'; +------------+-----------------------+ | injections | percentage | norm_perc| +------------+-----------------------+ | 1,308,681 | 15.5% | 38.42% | +------------+------------+----------+
Mysql> SELECT COUNT(DISTINCT injections) as injections, COUNT(DISTINCT injections)/8425489 as percentage, COUNT(DISTINCT injections)/3406249 as norm_perc FROM research_data WHERE category = 'DATABASE CONTENT RETRIEVAL'; +------------+-----------------------+ | injections | percentage | norm_perc| +------------+-----------------------+ | 129,814 | 1.5403% | 3.811054%| +------------+-----------------------+
Mysql> SELECT COUNT(DISTINCT injections) as injections, COUNT(DISTINCT injections)/8425489 as percentage, COUNT(DISTINCT injections)/3406249 as norm_perc FROM research_data WHERE category = 'CREDENTIAL THEFT'; +------------+-----------------------+ | injections | percentage | norm_perc| +------------+-----------------------+ | 1,950,749 | 23.14745% |57.269712%| +------------+-----------------------+
Mysql> SELECT COUNT(DISTINCT injections) as injections, COUNT(DISTINCT injections)/8425489 as percentage, COUNT(DISTINCT injections)/3406249 as norm_perc FROM research_data WHERE category = 'LOGIN BYPASS'; +------------+-----------------------+ | injections | percentage | norm_perc| +------------+-----------------------+ | 5,467 | 00.064871%|00.160499%| +------------+-----------------------+
Mysql> SELECT COUNT(DISTINCT injections) as injections, COUNT(DISTINCT injections)/8425489 as percentage, COUNT(DISTINCT injections)/3406249 as norm_perc FROM research_data WHERE category = 'DATA FILE EXTRACTION'; +------------+-----------------------+ | injections | percentage | norm_perc| +------------+-----------------------+ | 24 | 0.00028% |0.0007% | +------------+-----------------------+
Mysql> SELECT COUNT(DISTINCT injections) as injections, COUNT(DISTINCT injections)/8425489 as percentage, COUNT(DISTINCT injections)/3406249 as norm_perc FROM research_data WHERE category = 'DENIAL OF SERVICE'; +------------+-----------------------+ | injections | percentage | norm_perc| +------------+-----------------------+ | 326 | 0.00387% | 0.009571%| +------------+-----------------------+
Mysql> SELECT COUNT(DISTINCT injections) as injections, COUNT(DISTINCT injections)/8425489 as percentage, COUNT(DISTINCT injections)/3406249 as norm_perc FROM research_data WHERE category = 'DATA CORRUPTION'; +------------+-----------------------+ | injections | percentage | norm_perc| +------------+-----------------------+ | 2,238 | 0.026556% | 0.065702%| +------------+-----------------------+
Mysql> SELECT COUNT(DISTINCT injections) as injections, COUNT(DISTINCT injections)/8425489 as percentage, COUNT(DISTINCT injections)/3406249 as norm_perc FROM research_data WHERE category = 'DEFACEMENT AND CONTENT INJECTION'; +------------+-----------------------+ | injections | percentage | norm_perc| +------------+-----------------------+ |8,156 | 0.096778% |0.239442% | +------------+-----------------------+
Mysql> SELECT COUNT(DISTINCT injections) as injections, COUNT(DISTINCT injections)/8425489 as percentage, COUNT(DISTINCT injections)/3406249 as norm_perc FROM research_data WHERE category = 'RCE'; +------------+-----------------------+ | injections | percentage | norm_perc| +------------+-----------------------+ | 794 | 0.00942% | 0.023310%| +------------+-----------------------+
Mysql> SELECT summary FROM talk +------------+-----------------------+ | summary +------------+-----------------------+ |Malicious actors use a variety of | |of techniques. | |Not only data exfiltration, but: | |Elevate privileges, execute commands,| |infect or corrupt data, deny service | +------------+-----------------------+
DROP /**/ TABLE talk; Twitter: @aCaltum http://ezra.c.com.mx http://www.stateoftheinternet.com
SELECT questions FROM attendees WHERE (used_time + question_time) <= 15;

More Related Content

PPTX
Time Series Analysis for Network Secruity
mrphilroth
 
PPTX
Everything you always wanted to know about datetime types but didn’t have tim...
MartinHanssonOracle
 
PPTX
Oracle 122 partitioning_in_action_slide_share
Thomas Teske
 
PDF
E34 : [JPOUG Presents] Oracle Database の隠されている様々な謎を解くセッション「なーんでだ?」再び @ db tec...
Hiroshi Sekiguchi
 
PDF
SQLチューニング総合診療Oracle CloudWorld出張所
Hiroshi Sekiguchi
 
PDF
db tech showcase Tokyo 2014 - L36 - JPOUG : SQLチューニング総合診療所 ケースファイルX
Hiroshi Sekiguchi
 
PPT
15 protips for mysql users pfz
Joshua Thijssen
 
PPTX
Perth APAC Groundbreakers tour - SQL Techniques
Connor McDonald
 
Time Series Analysis for Network Secruity
mrphilroth
 
Everything you always wanted to know about datetime types but didn’t have tim...
MartinHanssonOracle
 
Oracle 122 partitioning_in_action_slide_share
Thomas Teske
 
E34 : [JPOUG Presents] Oracle Database の隠されている様々な謎を解くセッション「なーんでだ?」再び @ db tec...
Hiroshi Sekiguchi
 
SQLチューニング総合診療Oracle CloudWorld出張所
Hiroshi Sekiguchi
 
db tech showcase Tokyo 2014 - L36 - JPOUG : SQLチューニング総合診療所 ケースファイルX
Hiroshi Sekiguchi
 
15 protips for mysql users pfz
Joshua Thijssen
 
Perth APAC Groundbreakers tour - SQL Techniques
Connor McDonald
 

Viewers also liked (13)

PPTX
Basic learning theories
mordecao
 
PDF
ViSeQR: Etichette come impronte digitali
CREAF Srl Prato (Italy)
 
PPTX
Examples of Required Documents
Jaron Denson
 
PDF
profile new
Stars Indonesia Band
 
PDF
ใบงานที่ 1 แบบสำรวจตนเอง
Sadanan Kuhamaneerat
 
PDF
Wordsmith essay editors
Wordsmith Essay Editors
 
DOC
Mithun Khatei
Mithun Khatei
 
PDF
100 preguntas-sobre-sexualidad-adolescente
Consuelo A. Rehbein Caerols
 
PDF
Lean Innovation: l’opportunità concreta di dare nuovo valore all’impresa
CREAF Srl Prato (Italy)
 
PPTX
Transformative learning
Suayni Biggs
 
PPTX
Trespass to the person
Suayni Biggs
 
PPTX
Nuisance
Suayni Biggs
 
PDF
Minuta leyes secretas - Consejo Transparencia
Consuelo A. Rehbein Caerols
 
Basic learning theories
mordecao
 
ViSeQR: Etichette come impronte digitali
CREAF Srl Prato (Italy)
 
Examples of Required Documents
Jaron Denson
 
profile new
Stars Indonesia Band
 
ใบงานที่ 1 แบบสำรวจตนเอง
Sadanan Kuhamaneerat
 
Wordsmith essay editors
Wordsmith Essay Editors
 
Mithun Khatei
Mithun Khatei
 
100 preguntas-sobre-sexualidad-adolescente
Consuelo A. Rehbein Caerols
 
Lean Innovation: l’opportunità concreta di dare nuovo valore all’impresa
CREAF Srl Prato (Italy)
 
Transformative learning
Suayni Biggs
 
Trespass to the person
Suayni Biggs
 
Nuisance
Suayni Biggs
 
Minuta leyes secretas - Consejo Transparencia
Consuelo A. Rehbein Caerols
 
Ad

Similar to Cruel (SQL) Intentions (20)

PDF
SQL Injection Tutorial
Magno Logan
 
PDF
Appreciative Advanced Blind SQLI Attack
ijtsrd
 
PPTX
SQL Injection Stegnography in Pen Testing
191013607gouthamsric
 
PPTX
SQL INJECTION
Ziaullah Khan
 
KEY
10x improvement-mysql-100419105218-phpapp02
promethius
 
KEY
10x Performance Improvements
Ronald Bradford
 
PPTX
Understanding and preventing sql injection attacks
Kevin Kline
 
PDF
Understanding advanced blind sqli attack
Nguyễn Đoàn
 
PPTX
Advanced structure query language, Data science
nivetha10042003
 
PPT
Web application attacks using Sql injection and countermasures
Cade Zvavanjanja
 
PDF
Sql injection
Bee_Ware
 
PDF
Sql injection manish file
yukta888
 
PPTX
Sql injection - security testing
Napendra Singh
 
PPTX
seminar report on Sql injection
Jawhar Ali
 
PPT
Sql security
Safwan Hashmi
 
PDF
Practical Sql A Beginners Guide To Storytelling With Data 2nd Edition 2 Conve...
sargobedona6
 
PPT
ShmooCon 2009 - (Re)Playing(Blind)Sql
Chema Alonso
 
PDF
IRJET - SQL Injection: Attack & Mitigation
IRJET Journal
 
ODP
Optimizing mysql stored routines uc2010
Roland Bouman
 
PDF
SQL Performance Solutions: Refactor Mercilessly, Index Wisely
Enkitec
 
SQL Injection Tutorial
Magno Logan
 
Appreciative Advanced Blind SQLI Attack
ijtsrd
 
SQL Injection Stegnography in Pen Testing
191013607gouthamsric
 
SQL INJECTION
Ziaullah Khan
 
10x improvement-mysql-100419105218-phpapp02
promethius
 
10x Performance Improvements
Ronald Bradford
 
Understanding and preventing sql injection attacks
Kevin Kline
 
Understanding advanced blind sqli attack
Nguyễn Đoàn
 
Advanced structure query language, Data science
nivetha10042003
 
Web application attacks using Sql injection and countermasures
Cade Zvavanjanja
 
Sql injection
Bee_Ware
 
Sql injection manish file
yukta888
 
Sql injection - security testing
Napendra Singh
 
seminar report on Sql injection
Jawhar Ali
 
Sql security
Safwan Hashmi
 
Practical Sql A Beginners Guide To Storytelling With Data 2nd Edition 2 Conve...
sargobedona6
 
ShmooCon 2009 - (Re)Playing(Blind)Sql
Chema Alonso
 
IRJET - SQL Injection: Attack & Mitigation
IRJET Journal
 
Optimizing mysql stored routines uc2010
Roland Bouman
 
SQL Performance Solutions: Refactor Mercilessly, Index Wisely
Enkitec
 
Ad

Recently uploaded (20)

PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
Cloud computing and distributed systems.
kkkkkhan
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Spectroscopy.pptx food analysis technology
nawahassan45
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Encapsulation theory and applications.pdf
gurumoop
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 

Cruel (SQL) Intentions

  • 1. Cruel (SQL) Intentions - An analysis of malicious intentions behind real world SQL injection attacks Ezra Caltum – Sr. Security Researcher Akamai Mysql> SELECT title FROM talk; Mysql> SELECT author FROM talk;
  • 2. • The Platform • 167,000+ Servers • 2,300+ Locations • 750+ Cities • 92 Countries • 1,227+ Networks • The Data • 2 trillion hits per day • 780 million unique IPv4 addresses seen quarterly • 13+ trillion log lines per day • 260+ terabytes of compressed daily logs 15 - 30% of all web traffic
  • 3. Mysql> SELECT COUNT(DISTINCT days) FROM research_data; +-------+ | days | +-------+ | 7 | +-------+
  • 4. Mysql> SELECT COUNT(DISTINCT apps) FROM research_data; +-------+ | apps | +-------+ | 2000 | +-------+
  • 5. Mysql> SELECT COUNT(DISTINCT injections) FROM research_data; +--------------+ | injections | +--------------+ | 8,425,489 | +--------------+
  • 6. Mysql> SELECT COUNT(DISTINCT injections) as injections, COUNT(DISTINCT injections)/8425489 as percentage FROM research_data WHERE category = 'SQL INJECTION PROBING AND INJECTION TESTING'; +------------+-----------------------+ |injections | percentage | +------------+-----------------------+ | 5,021,240 | 59.59% | +------------+-----------------------+
  • 7. Mysql> SELECT COUNT(DISTINCT injections) as injections, COUNT(DISTINCT injections)/8425489 as percentage, COUNT(DISTINCT injections)/3406249 as norm_perc FROM research_data WHERE category = 'ENVIROMENT PROBING AND TESTING'; +------------+-----------------------+ | injections | percentage | norm_perc| +------------+-----------------------+ | 1,308,681 | 15.5% | 38.42% | +------------+------------+----------+
  • 8. Mysql> SELECT COUNT(DISTINCT injections) as injections, COUNT(DISTINCT injections)/8425489 as percentage, COUNT(DISTINCT injections)/3406249 as norm_perc FROM research_data WHERE category = 'DATABASE CONTENT RETRIEVAL'; +------------+-----------------------+ | injections | percentage | norm_perc| +------------+-----------------------+ | 129,814 | 1.5403% | 3.811054%| +------------+-----------------------+
  • 9. Mysql> SELECT COUNT(DISTINCT injections) as injections, COUNT(DISTINCT injections)/8425489 as percentage, COUNT(DISTINCT injections)/3406249 as norm_perc FROM research_data WHERE category = 'CREDENTIAL THEFT'; +------------+-----------------------+ | injections | percentage | norm_perc| +------------+-----------------------+ | 1,950,749 | 23.14745% |57.269712%| +------------+-----------------------+
  • 10. Mysql> SELECT COUNT(DISTINCT injections) as injections, COUNT(DISTINCT injections)/8425489 as percentage, COUNT(DISTINCT injections)/3406249 as norm_perc FROM research_data WHERE category = 'LOGIN BYPASS'; +------------+-----------------------+ | injections | percentage | norm_perc| +------------+-----------------------+ | 5,467 | 00.064871%|00.160499%| +------------+-----------------------+
  • 11. Mysql> SELECT COUNT(DISTINCT injections) as injections, COUNT(DISTINCT injections)/8425489 as percentage, COUNT(DISTINCT injections)/3406249 as norm_perc FROM research_data WHERE category = 'DATA FILE EXTRACTION'; +------------+-----------------------+ | injections | percentage | norm_perc| +------------+-----------------------+ | 24 | 0.00028% |0.0007% | +------------+-----------------------+
  • 12. Mysql> SELECT COUNT(DISTINCT injections) as injections, COUNT(DISTINCT injections)/8425489 as percentage, COUNT(DISTINCT injections)/3406249 as norm_perc FROM research_data WHERE category = 'DENIAL OF SERVICE'; +------------+-----------------------+ | injections | percentage | norm_perc| +------------+-----------------------+ | 326 | 0.00387% | 0.009571%| +------------+-----------------------+
  • 13. Mysql> SELECT COUNT(DISTINCT injections) as injections, COUNT(DISTINCT injections)/8425489 as percentage, COUNT(DISTINCT injections)/3406249 as norm_perc FROM research_data WHERE category = 'DATA CORRUPTION'; +------------+-----------------------+ | injections | percentage | norm_perc| +------------+-----------------------+ | 2,238 | 0.026556% | 0.065702%| +------------+-----------------------+
  • 14. Mysql> SELECT COUNT(DISTINCT injections) as injections, COUNT(DISTINCT injections)/8425489 as percentage, COUNT(DISTINCT injections)/3406249 as norm_perc FROM research_data WHERE category = 'DEFACEMENT AND CONTENT INJECTION'; +------------+-----------------------+ | injections | percentage | norm_perc| +------------+-----------------------+ |8,156 | 0.096778% |0.239442% | +------------+-----------------------+
  • 15. Mysql> SELECT COUNT(DISTINCT injections) as injections, COUNT(DISTINCT injections)/8425489 as percentage, COUNT(DISTINCT injections)/3406249 as norm_perc FROM research_data WHERE category = 'RCE'; +------------+-----------------------+ | injections | percentage | norm_perc| +------------+-----------------------+ | 794 | 0.00942% | 0.023310%| +------------+-----------------------+
  • 16. Mysql> SELECT summary FROM talk +------------+-----------------------+ | summary +------------+-----------------------+ |Malicious actors use a variety of | |of techniques. | |Not only data exfiltration, but: | |Elevate privileges, execute commands,| |infect or corrupt data, deny service | +------------+-----------------------+
  • 17. DROP /**/ TABLE talk; Twitter: @aCaltum http://ezra.c.com.mx http://www.stateoftheinternet.com
  • 18. SELECT questions FROM attendees WHERE (used_time + question_time) <= 15;