From SQL Recon to ATT&CK: Building Database-Aware Deception Telemetry for MySQL and PostgreSQL: Demo
Database-Aware Deception & MITRE ATT&CK Mapping | Project Demo This video demonstrates a database-aware deception pipeline that monitors SQL activity in MySQL and PostgreSQL using protocol-aware proxies. Instead of treating SQL queries as ordinary database logs, the system analyzes them as attacker behavior, maps suspicious activity to the MITRE ATT&CK framework, and generates risk-based security telemetry. The demo showcases how SQL queries are captured before reaching the backend database, processed through a Kafka-compatible event pipeline, evaluated using rule-based detections, and summarized into both event-level and session-level evidence. What you'll see in this demo MySQL and PostgreSQL proxy-based monitoring SQL query interception and normalization Kafka (Redpanda) telemetry pipeline MITRE ATT&CK event generation Session-based risk scoring Table enumeration detection Account and permission discovery detection Multi-statement SQL analysis SQL parser safety validation Honeytoken (trap-table) detection Critical risk classification and session summaries One of the highlights of the project is the detection of access attempts to a honeytoken table (`api_keys_backup`). Even though the table does not exist in the backend database, the proxy captures the request, identifies it as suspicious, and generates a MITRE ATT&CK-aligned critical security event, demonstrating how attacker intent can be detected independently of backend execution. Technologies Used MySQL PostgreSQL Docker Compose Redpanda (Kafka) Redis Python MITRE ATT&CK Framework Prometheus Grafana Loki This project was developed as part of research into database-aware deception, protocol-level telemetry, and attacker behavior analysis. If you found this project interesting, consider liking the video, sharing it, and subscribing for more content on cybersecurity, database security, system design, and backend engineering. #CyberSecurity #DatabaseSecurity #MITREATTACK #MySQL #PostgreSQL #Kafka #Redpanda #Docker #ThreatDetection #DeceptionTechnology #BlueTeam #SOC #Python #InformationSecurity

Why we love Patroni

NMAP 07 - RÀ QUÉT TOÀN DIỆN LỖ HỔNG (FULL) - Comprehensive vulnerability scanning

White Lily Flower Framed Vintage Oil Painting for TV | FRAME TV ART | Framed TV Art

3-Hour Serene Yellow & Orange Gradient - Uplift and Relax Your Space

MitoCatch - How to use (Tutorial)

How to Design APIs Like a Senior Engineer (REST, GraphQL, Auth, Security)

Rowan Atkinson's Funniest Moments That Prove He's a Comedy Genius

Entitled Brat Walked Into Court Laughing… Then the Judge DESTROYED Her With One Verdict! (Instant)

Full Stack Engineering Course | Build and Deploy a Full Stack PERN Admin Dashboard in 2026

🚗 BYD : The biggest SCAM of the car industry ?

Android 17 sucks. So I put Linux on a phone.

Agentic Insight API server Demo

Black and White Abstract art for Frame TV | Smart TV paintings | screensaver without music

Supabase Full Course 2025 | Become a Supabase Pro in 1.5 Hours

3 Hours of Tan Screen in 4K Ultra HD

System Design Explained: APIs, Databases, Caching, CDNs, Load Balancing & Production Infra

Creator of C++: Bell Labs, Negative Overhead Abstraction, Mistakes | Bjarne Stroustrup

Kryptographie bzw. Verschlüsselung für IT-Berufe (AP1/AP2)

AWS Masterclass for Data Engineers with Project

