A landscape of OpenSSH backdoors - Seminar for ICT Risk Assessment exam @ UniPi
Presentation: presentation.pdf
- Introduction
  - SSH
  - OpenSSH Suite
  - The attackers
  - Operation Windigo
- Common features of OpenSSH backdoors
  - Strings and code obfuscation
  - Credential stealing
  - Exfiltration methods
  - Backdoor mode
- Backdoor families
  - OpenSSH backdoor galaxy
  - Chandrila
  - Bonadan
  - Kessel
  - Kamino
- Honeypot
  - Definition and goals
  - Honeypot structure and strategy
  - Observed interaction: Mimban
  - Observed interaction: Borleias
- Mitigation
  - Preventing compromise of SSH servers
  - Correct OpenSSH configuration
  - Check logs
  - Analyze network traffic
  - Detect compromised SSH tools
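As an added illustration of the "Correct OpenSSH configuration" and "Detect compromised SSH tools" items (this is example code written for this README, not part of the seminar slides or of the ESET research), the script below audits an `sshd_config` fed on stdin for the settings that most often hand an attacker a foothold or feed a credential-stealing backdoor, and checks the installed OpenSSH binaries against the distribution package database. It assumes OpenSSH 7.0+ defaults (`PermitRootLogin prohibit-password`, `PasswordAuthentication yes`, `PermitEmptyPasswords no`) and the package names `openssh-server`/`openssh-clients` (rpm) and `openssh-server`/`openssh-client` (dpkg); the sample configurations used in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the seminar or the ESET whitepaper).
# Assumed defaults are those of OpenSSH 7.0+ sshd_config(5).

# audit_sshd_config: read an sshd_config (or `sshd -T` output) on stdin,
# print one line per weak global setting, return the number of findings.
audit_sshd_config() {
    awk '
    # sshd uses the first value it sees for a keyword, and every line after
    # the first Match line is conditional, so only the global section counts.
    function effective(k, dflt) { return (k in seen) ? seen[k] : dflt }
    {
        sub(/#.*/, "")                      # strip comments
        if (NF < 2) next                    # blank line or keyword without value
        key = tolower($1); val = tolower($2)
        if (key == "match") in_match = 1
        if (in_match) next
        if (!(key in seen)) seen[key] = val
    }
    END {
        n = 0
        if (effective("permitrootlogin", "prohibit-password") == "yes") {
            print "WEAK: PermitRootLogin yes (set no, or prohibit-password)"; n++
        }
        if (effective("passwordauthentication", "yes") == "yes") {
            print "WEAK: PasswordAuthentication yes (use keys; password logins feed credential stealers)"; n++
        }
        if (effective("permitemptypasswords", "no") == "yes") {
            print "WEAK: PermitEmptyPasswords yes"; n++
        }
        if (effective("protocol", "2") ~ /1/) {
            print "WEAK: Protocol " seen["protocol"] " (SSH-1 enabled)"; n++
        }
        exit n
    }'
}

# verify_ssh_packages: compare installed OpenSSH files with the package
# database. A trojanised /usr/sbin/sshd or /usr/bin/ssh shows up as a
# size/digest mismatch ("S"/"5" flags for rpm, "5" for dpkg). This is a
# first check only: a rootkit hiding the file, or a package database the
# attacker also replaced, would pass, so also compare against hashes kept
# off the host.
verify_ssh_packages() {
    if command -v rpm >/dev/null 2>&1; then
        rpm -V openssh-server openssh-clients
    elif command -v dpkg >/dev/null 2>&1; then
        dpkg -V openssh-server openssh-client
    else
        echo "no rpm/dpkg database available" >&2
        return 2
    fi
}

# Usage (constructed example input):
#   printf 'PermitRootLogin yes\nPasswordAuthentication yes\n' | audit_sshd_config
#   sudo sshd -T | audit_sshd_config      # audits the effective running config
#   verify_ssh_packages
```

Feeding `sshd -T` rather than the file is preferable on a live host, since sshd prints the effective values with defaults resolved and `Include`d files merged; the audit then does not depend on the assumed defaults at all.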
- Research whitepapers and related resources
  - ESET, "The Dark Side of the ForSSHe" (whitepaper, December 2018): https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf
  - ESET WeLiveSecurity summary of the whitepaper: https://www.welivesecurity.com/2018/12/05/dark-side-of-the-forsshe/
  - ESET, "Operation Windigo" (whitepaper, March 2014): https://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf
  - randhome.io, "OpenSSH backdoor used on compromised Linux servers" (blog post, August 2016): https://www.randhome.io/blog/2016/08/01/openssh-backdoor-used-on-compromised-linux-servers/