Thomas Barabosch
I 🥰 everything that compiles down to machine code 🤓. 🔍 CTI analyst and ⏪ reverse engineer. 🧑‍⚖️ PC member @Botconf. 📨 Tweets are my own.
Mar 3, 2022 4 tweets 2 min read
🧵 Backdooring #SSH daemons (sshd) via simple patches has probably existed since the dawn of time. Typically, a patched and recompiled version of #OpenSSH allows a threat actor to:

1⃣ log in with a master password
2⃣ log all credentials to a file
3⃣ hide logons from "last"

1/4
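Point 3⃣ leaves a detectable gap: a patched sshd that skips the utmp/wtmp update still has to authenticate, so its "Accepted ..." line usually ends up in the auth log even though `last` never shows the session. The script below is an added example, not code from the thread or from OpenSSH; it cross-checks constructed auth.log lines against constructed `last -i` output and reports accepted logins that have no wtmp record. The log lines, host name and addresses are all made up for the example.

```python
import re

# Constructed sample auth.log lines (not from a real host).
AUTH_LOG = """\
Mar  3 09:12:01 host sshd[2113]: Accepted password for alice from 10.0.0.5 port 51234 ssh2
Mar  3 09:12:01 host sshd[2113]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Mar  3 09:40:17 host sshd[2201]: Accepted publickey for bob from 10.0.0.7 port 40022 ssh2: RSA SHA256:abcd
Mar  3 10:05:44 host sshd[2390]: Accepted password for root from 192.0.2.9 port 60000 ssh2
Mar  3 10:06:02 host sshd[2391]: Failed password for root from 192.0.2.9 port 60001 ssh2
"""

# Constructed `last -i` style output. The root session from 192.0.2.9 is
# deliberately missing, which is what a "hide from last" patch produces.
LAST_OUTPUT = """\
alice    pts/0        10.0.0.5         Thu Mar  3 09:12   still logged in
bob      pts/1        10.0.0.7         Thu Mar  3 09:40 - 09:55  (00:15)
reboot   system boot  5.10.0           Thu Mar  3 08:00   still running
"""

# "Accepted <method> for <user> from <ip> port <n>" as written by sshd.
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)
# First three columns of `last -i`: user, tty, originating host/IP.
LAST_RE = re.compile(r"^(?P<user>\S+)\s+(?P<tty>\S+)\s+(?P<ip>\S+)\s+")


def accepted_logins(auth_log):
    """Return (user, ip) pairs, in order, for every login sshd accepted."""
    found = []
    for line in auth_log.splitlines():
        m = ACCEPTED_RE.search(line)
        if m:
            found.append((m.group("user"), m.group("ip")))
    return found


def recorded_sessions(last_output):
    """Return the set of (user, ip) pairs that wtmp knows about via `last`."""
    found = set()
    for line in last_output.splitlines():
        m = LAST_RE.match(line)
        # Skip "reboot system boot" pseudo-entries; they are not user sessions.
        if m and m.group("tty") != "system":
            found.add((m.group("user"), m.group("ip")))
    return found


def unrecorded_logins(auth_log, last_output):
    """Accepted sshd logins with no matching wtmp record.

    A stock sshd records every accepted session in utmp/wtmp, so any entry
    returned here is worth a closer look at the sshd binary on that host.
    """
    recorded = recorded_sessions(last_output)
    return [pair for pair in accepted_logins(auth_log) if pair not in recorded]


if __name__ == "__main__":
    for user, ip in unrecorded_logins(AUTH_LOG, LAST_OUTPUT):
        print(f"accepted login for {user} from {ip} has no wtmp record")
```

The comparison only works while the backdoor leaves the auth log alone; a patch that also silences that logging produces no gap to find, so pair this check with an integrity check of the installed binary against the package database (`rpm -V openssh-server` or `dpkg --verify openssh-server`) and with the hash of a known-good build.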
‼️ In particular, logging further credentials potentially enables threat actors to maintain access in case the backdoored #SSH daemon is detected and removed, or to move laterally in the network because of password reuse.

2/4