DEF CON 32: SSHamble: Unexpected Exposures in SSH (Video)

The Secure Shell (SSH) has evolved from a remote shell service to a standardized secure transport that is second only to Transport Layer Security (TLS) in terms of exposure and popularity. SSH is no longer just for POSIX operating systems; SSH services can be found in everything from network devices, to source code forges, to Windows-based file transfer tools. While OpenSSH is still the most prominent implementation, it's now just one of dozens, and these include a handful of libraries that drive a wide range of applications. This presentation digs deep into SSH, the lesser-known implementations, many of the surprising security issues found along the way, and how to exploit them. As part of this talk, we released an open source tool, dubbed "SSHamble", that assists with research and security testing of SSH services.

Meet Our Speakers

Rob King

Director of Security Research

HD Moore

Founder & CEO
