Use and abuse of SSH AuthorizedKeysCommand and SSH Certificates

Presented at NolaCon 2022, May 22, 2022, 11 a.m. (Unknown duration)

<p>This talk will discuss the recent rise of SSH Certificates and SSH AuthorizedKeyCommands as alternative Identity and Access Management solutions. This talk will show how they can be used defensively as well as an innovative backdoor.</p> <p>This talk will cover setup, program suites that utilize certificates, how to set them up yourself, and how to backdoor systems.</p>

Presenters:

• Dustin Heywood / EvilMog   as Evil_Mog (Dustin Heywood)
  <p>EvilMog is the Chief Architect for X-Force and Senior Technical Staff Member, Bishop of the Church of Wifi, and member of team Hashcat. He is on the SECCDC Red Team, and has been known to collect conference black badges. </p>

Links:

• https://nolacon.com/talk/use-and-abuse-of-ssh-authorizedkeyscommand-and-ssh-certificates

Similar Presentations:

• GrrCON 2019 / How to Make a Honeypot Stickier (SSH*)
• BSidesSF 2017 / Better SSH management with ephemeral keys
• Still Hacking Anyway (SHA2017) / SSH - From Zero to Hero (Workshop): Impress your friends with your freshly acquired SSH knowledge