Good attacks make good detections make good attacks (a MySQL booby-trap)

1 point | mh_ | 4 years ago | blog.thinkst.com

2 comments

[+] josephcsible|4 years ago|reply
> By default, we encode this snippet so that an attacker eyeballing a plundered MySQL dump file doesn’t spot it immediately.

But if you're looking at the dump file, isn't their encoded version itself super suspicious looking?

[+] mh_|4 years ago|reply
You can wave the encoding away (with a tick-box) but in general, people over-estimate what attackers will "notice". In cases like this, many are as desperate to get the loot as users are when they get phished. Dialogue boxes and browser warnings fade into the background as they hit "accept" to move closer to their goal.