Catch-22: Uncovering Compromised Hosts using SSH Public Keys | USENIX
(www.usenix.org)
from jstangroome@infosec.pub to cybersecurity@infosec.pub on 29 Aug 02:30
https://infosec.pub/post/33832431
In this paper, we present a method to identify compromised SSH servers at scale. For this, we use SSH’s behavior to only send a challenge during public key authentication, to check if the key is present on the system. Our technique neither allows us to access compromised systems (unlike, e.g., testing known attacker passwords), nor does it require access for auditing.
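The query step the abstract relies on, as an added example that is not from the paper or the post: under RFC 4252, a publickey request sent without a signature is answered with SSH_MSG_USERAUTH_PK_OK only when the server would accept that key for that user. The user name, key blob and reply bytes below are constructed, and treating this as the exact exchange the paper measures is an assumption.

```python
import struct

# Message numbers defined in RFC 4252.
USERAUTH_REQUEST, USERAUTH_FAILURE, USERAUTH_PK_OK = 50, 51, 60

def ssh_string(data: bytes) -> bytes:
    """SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def read_string(buf: bytes, off: int):
    """Return (value, next_offset); raise on truncated input."""
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:end], end

def build_key_query(user: str, algo: str, key_blob: bytes) -> bytes:
    """publickey request with the boolean FALSE: it carries no signature,
    so it only asks whether the key would be acceptable and cannot log in."""
    return (bytes([USERAUTH_REQUEST]) + ssh_string(user.encode())
            + ssh_string(b"ssh-connection") + ssh_string(b"publickey")
            + b"\x00" + ssh_string(algo.encode()) + ssh_string(key_blob))

def classify_reply(payload: bytes, key_blob: bytes) -> str:
    """Interpret the server's answer to build_key_query()."""
    if not payload:
        raise ValueError("empty payload")
    if payload[0] == USERAUTH_PK_OK:
        _algo, off = read_string(payload, 1)
        blob, _ = read_string(payload, off)
        # The server echoes the key it is prepared to challenge.
        return "key-present" if blob == key_blob else "mismatch"
    if payload[0] == USERAUTH_FAILURE:
        # Refused for this user; the reason is not disclosed.
        return "not-accepted"
    return "unexpected"

# Constructed sample data (all-zero key, not a real indicator).
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))
PK_OK_REPLY = (bytes([USERAUTH_PK_OK]) + ssh_string(b"ssh-ed25519")
               + ssh_string(SAMPLE_BLOB))
FAILURE_REPLY = bytes([USERAUTH_FAILURE]) + ssh_string(b"publickey,password") + b"\x00"
```

Because the request never includes a signature, a "key-present" result shows the key is authorized without granting a session, which matches the abstract's point that the technique does not provide access.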