  • August 4, 2024
    HD Moore
    @hdm

    "How many slides are there in a 40-minute talk Michael, 100?" @rk and I are super excited to share our investigation into the Secure Shell protocol and implementations this Wednesday at Black Hat USA (3:20pm-4:00pm in South Pacific F, Level 0).

    This presentation may feel more like a rap battle than a lecture given the quantity of material and available time, but it should be a blast.

    If you would like to be notified when our new open source tool, "SSHamble", is released, you can sign up here:

    https://www.runzero.com/sshamble-access/

  • August 1, 2024
    HD Moore
    @hdm

    CrowdStrike attempts takedown of parody site: https://clownstrike.lol/crowdmad/

    (cue references to https://en.wikipedia.org/wiki/Streisand_effect)

  • July 30, 2024
    HD Moore
    @hdm

    @screaminggoat thanks! amazing year so far (and how easy it is to forget about previous events)

  • July 30, 2024
    HD Moore
    @hdm

    2024 has been a trip. Microsoft shipped an infostealer as a feature, on by default (Recall), then took down a chunk of Azure one evening, and was still overshadowed by CrowdStrike accidentally causing more harm than any malware campaign ever ($5b+ USD in losses?). Also, OpenSSH remote exploits! See some of y'all in Vegas soon!

    EDIT: Also, the whole multi-year con to backdoor xz and sshd on systemd distros (thanks @AlesandroOrtiz)

  • July 25, 2024
    HD Moore
    @hdm

    Secure Boot is completely broken on 200+ models from 5 big device makers:

    https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/

    Great work by the Binarly team and an excellent write-up by @dangoodin!

  • July 24, 2024
    HD Moore
    @hdm

    runZero Discovers all IP-Addressable Assets and Proves Active Scanning is Safe for Operational Technology in NREL/CECA Testing:
    https://www.runzero.com/newsroom/runzero-discovers-all-ip-addressable-assets-and-proves-active-scanning-is-safe-for-operational-technology-in-nrel-ceca-testing/

  • July 24, 2024
    HD Moore
    @hdm

    A more coherent[1] explanation of Blue Friday:

    https://www.youtube.com/watch?v=y8OnoxKotPQ

    1. The less clear version is at https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/

  • July 14, 2024
    HD Moore
    @hdm

    I'm stoked to announce that @rk and I are speaking at @defcon DEF CON 32 on Friday at 1:00pm. Our talk, `sshamble: Unexpected Exposures in the Secure Shell` covers lesser-known tricks for making remote secure shells into your shells.

    https://defcon.org/html/defcon-32/dc-32-speakers.html#54452

    Also, DEF CON's deadline for materials is midnight and our servers are working as hard as they can to pull the necessary data.

  • July 4, 2024
    HD Moore
    @hdm

    my favorite quasi-backdoor SSH capability (today) is "Russia URAL Special Auth Feature"

  • July 4, 2024
    HD Moore
    @hdm

    alias ffssh="ssh -oStrictHostKeyChecking=no -oKexAlgorithms=+diffie-hellman-group1-sha1 -oHostKeyAlgorithms=+ssh-rsa -oCiphers=+3des-cbc"


Copyright 1998-2025 HD Moore