SSH Authorized Keys
SSH Authorized Keys are widely used as credentials for remotely accessing Linux-based systems via SSH. Adversaries can manipulate these keys to give themselves persistence in your environment so they can return at will. Get hands-on detecting and mitigating this adversary action today.
Course Description
Some reports show that SSH is present on over 18 million hosts accessible from the internet. This figure doesn’t count hosts available to adversaries once they gain access to an internal network. The figures quickly become staggering. To complicate this, organizations regularly use SSH and SSH Authorized Keys as part of a healthy cybersecurity posture. It only takes one misconfiguration in SSH or the hosts it runs on to allow adversaries to add an SSH key of their own. With this technique accomplished they can reconnect to that host any time they like.
Do you know which SSH keys in your environment are good and which are bad? Get the hands-on skills you need to detect and mitigate this adversary behavior today.
Do you know which SSH keys in your environment are good and which are bad? Get the hands-on skills you need to detect and mitigate this adversary behavior today.
Module 1: Account Manipulation: SSH Authorized Keys