GaspareG / OpenSSH-Backdoors

A landscape of OpenSSH backdoors - Seminar for ICT Risk Assessment exam @ UniPi

OpenSSH-Backdoors

Presentation: presentation.pdf

Index

  1. Introduction
    • SSH
    • OpenSSH Suite
    • The attackers
    • Operation Windigo
  2. Common features of OpenSSH backdoors
    • Strings and code obfuscation
    • Credential stealing
    • Exfiltration methods
    • Backdoor mode
  3. Backdoor families
    • OpenSSH backdoor galaxy
    • Chandrila
    • Bonadan
    • Kessel
    • Kamino
  4. Honeypot
    • Definition and goals
    • Honeypot structure and strategy
    • Observed interaction: Mimban
    • Observed interaction: Borleias
  5. Mitigation
    • Preventing compromise of SSH servers
    • Correct OpenSSH configuration
    • Check logs
    • Analyze network traffic
    • Detect compromised SSH tools

References

- Research Whitepaper by ESET: https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf
- The Dark Side of the ForSSHe: https://www.welivesecurity.com/2018/12/05/dark-side-of-the-forsshe/
- Linux/SSHDoor.A: Backdoored SSH daemon that steals passwords: https://www.welivesecurity.com/2013/01/24/linux-sshdoor-a-backdoored-ssh-daemon-that-steals-passwords/
- Operation Windigo: https://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf
- ESET discovers 12 previously undetected Linux backdoors: https://www.eset.com/int/about/newsroom/press-releases/research/eset-discovers-12-previously-undetected-linux-backdoors/
- OpenSSH backdoor used on compromised Linux servers: https://www.randhome.io/blog/2016/08/01/openssh-backdoor-used-on-compromised-linux-servers/

License: GNU Affero General Public License v3.0
