DEF CON 32: SSHamble: Unexpected Exposures in SSH (Video)

The Secure Shell (SSH) has evolved from a remote shell service to a standardized secure transport that is second only to Transport Layer Security (TLS) in terms of exposure and popularity. SSH is no longer just for POSIX operating systems; SSH services can be found in everything from network devices, to source code forges, to Windows-based file transfer tools. While OpenSSH is still the most prominent implementation, it's now just one of dozens, and these include a handful of libraries that drive a wide range of applications. This presentation (download PDF) digs deep into SSH, the lesser-known implementations, many of the surprising security issues found along the way, and how to exploit them. As part of this talk, we released an open source tool, dubbed "SSHamble", that assists with research and security testing of SSH services.

Meet Our Speakers

Rob King

Director of Applied Research

HD Moore

Founder & CEO

Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Resources

Talks
Forging strong cyber communities in uncertain times
HD Moore and Nicole Schwartz explore what it takes to create and foster robust cybersecurity communities and why we should all get involved in...
Talks
Vulnerability haruspicy: picking out risk signals from scoring system entrails
Tod Beardsley explores the strengths and flaws of these systems, asking whether they improve risk decisions or simply rationalize them.
Talks
Rewriting the rules of exposure management
HD Moore examines why traditional vulnerability management tools continue to fail and why vendor hype and competing frameworks only add to the noise
Talks
There and back again: discovering OT devices across protocol gateways with Rob King
Rob King discusses the security implications of the convergence of IT and OT, with deep dives into OT protocols and device discovery.

See Results in Minutes

See & secure your total attack surface. Even the unknowns & unmanageable.