DEF CON 32: SSHamble: Unexpected Exposures in SSH (PDF)

The Secure Shell (SSH) has evolved from a remote shell service to a standardized secure transport that is second only to Transport Layer Security (TLS) in terms of exposure and popularity. SSH is no longer just for POSIX operating systems; SSH services can be found in everything from network devices, to source code forges, to Windows-based file transfer tools. While OpenSSH is still the most prominent implementation, it's now just one of dozens, and these include a handful of libraries that drive a wide range of applications. This presentation digs deep into SSH, the lesser-known implementations, many of the surprising security issues found along the way, and how to exploit them. As part of this talk, we released an open source tool, dubbed "SSHamble", that assists with research and security testing of SSH services.


Related Resources

Talks
LASCON 2024 Keynote: HD Moore - Hacker Numerology
In this keynote HD Moore explores the numbers that define our lives and how to use limited observations of identifiers to reason about the security...
Talks
DEF CON 32: SSHamble: Unexpected Exposures in SSH (Video)
This talk digs deep into SSH, the lesser-known implementations, many of the surprising security issues found along the way, and how to exploit them.
Talks
CypherCon 7.0 Keynote: 25 Years of Vulnerability Mismanagement
HD Moore, Founder and CEO of runZero, gives the keynote address at CypherCon 7.0.
Talks
Into the Security CAASM with runZero: Dark Reading News Desk at Black Hat 2024
HD Moore, Founder and CEO of runZero, joins the Dark Reading News Desk during Black Hat USA 2024 to talk about cyber asset attack surface...

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved