Infosec.Pub

4,674 readers
122 users here now

To support infosec.pub, please consider donating through one of the following services:

Paypal: jerry@infosec.exchange

Ko-Fi: https://ko-fi.com/infosecexchange

Patreon: https://www.patreon.com/infosecexchange

founded 2 years ago

ADMINS

jerry

shellsharks

modbot

Uncovering Compromised Hosts using SSH Public Keys (www.usenix.org)

submitted 2 weeks ago by digicat to c/blueteamsec

0 comments fedilink

Catch-22: Uncovering Compromised Hosts using SSH Public Keys | USENIX (www.usenix.org)

submitted 2 weeks ago by jstangroome to c/cybersecurity

0 comments fedilink

In this paper, we present a method to identify compromised SSH servers at scale. For this, we use SSH's behavior to only send a challenge during public key authentication, to check if the key is present on the system. Our technique neither allows us to access compromised systems (unlike, e.g., testing known attacker passwords), nor does it require access for auditing.