DEF CON 32: SSHamble: Unexpected Exposures in SSH

The Secure Shell (SSH) has evolved from a remote shell service to a standardized secure transport that is second only to Transport Layer Security (TLS) in terms of exposure and popularity. SSH is no longer just for POSIX operating systems; SSH services can be found in everything from network devices, to source code forges, to Windows-based file transfer tools. While OpenSSH is still the most prominent implementation, it's now just one of dozens, and these include a handful of libraries that drive a wide range of applications. This presentation digs deep into SSH, the lesser-known implementations, many of the surprising security issues found along the way, and how to exploit them. As part of this talk, we released an open source tool, dubbed "SSHamble", that assists with research and security testing of SSH services.


Related Resources

Document
Unmanaged Assets: A Silent Threat to Zero Trust Architecture - Solution Brief
The recent zero trust-related executive orders are an acknowledgment that the threats to public sector infrastructure have never been greater....
Document
runZero Platform - Solution Brief
Download this concise, two-page solution brief for a summary of the runZero Platform that can be shared.

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved