Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

The Dark Side of the ForSSHe

linux.conf.au via YouTube

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore the dark underbelly of OpenSSH backdoors in this 38-minute conference talk from linux.conf.au. Delve into the analysis of Operation Windigo, a campaign that compromised over 40,000 Linux servers worldwide. Discover the modus operandi of cybercriminals, including their use of the Ebury backdoor to steal login credentials. Learn about the researchers' collection and analysis of hundreds of undocumented malware samples, ranging from basic to advanced implementations with exotic encryption algorithms and anti-logging techniques. Gain insights into the custom honeypot infrastructure used to study attacker behavior, including their pre-deployment checks, installation methods, and lateral movements. Acquire valuable knowledge on preventing such threats and verifying the legitimacy of OpenSSH daemons and clients. This talk provides a comprehensive look at the evolving landscape of OpenSSH-based attacks and offers practical advice for securing Linux systems against these sophisticated threats.

Syllabus

Introduction
Operation Wendigo
Common Open Stage
Deep Analysis
Main Features
LPG
Credentials
Main Function
Code
DNS A
Bot Module
Miner Module
apothecary
MITM SSH
Demo
Backdoor
SSH client
Command history
Back door
New sample
Basic features
SSH password
Two passwords
Keybased authentication
Release infection vectors
Check loaded libraries
Conclusion

Taught by

linux.conf.au

Reviews

Start your review of The Dark Side of the ForSSHe

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.