I 🥰 everything that compiles down to machine code 🤓. 🔍 CTI analyst and ⏪ reverse engineer. 🧑‍⚖️ PC member @Botconf. 📨 Tweets are my own.
Mar 3, 2022 • 4 tweets • 2 min read
🧵 Backdooring #SSH daemons (sshd) via simple patches has probably existed since the dawn of time. Typically, a patched and recompiled version of #OpenSSH allows a threat actor to:
1⃣ log in with a master password
2⃣ log all credentials to a file
3⃣ hide logons from "last"
1/4
‼️ In particular, logging further credentials potentially enables threat actors to maintain access if the backdoored #SSH daemon is detected and removed, or to move laterally in the network thanks to password reuse.
2/4
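One defender-side check for capability 3⃣ above (logons hidden from "last"), added here as an example and not code from the thread's author: correlate the sshd "Accepted" lines in the auth log with the sessions that `last` reports from wtmp, and flag any (user, source host) pair whose accepted logins outnumber its recorded sessions. The auth-log lines and the `last` output below are constructed samples, not real data.

```python
import re
from collections import Counter

# Constructed sample sshd auth-log lines (not real data).
AUTH_LOG = """\
Mar  3 09:14:02 host1 sshd[2201]: Accepted publickey for alice from 10.0.0.5 port 51020 ssh2: ED25519 SHA256:AbCdEf
Mar  3 09:30:11 host1 sshd[2310]: Accepted password for root from 198.51.100.23 port 40022 ssh2
Mar  3 10:02:45 host1 sshd[2415]: Failed password for bob from 10.0.0.9 port 51111 ssh2
Mar  3 11:45:09 host1 sshd[2520]: Accepted password for bob from 10.0.0.9 port 51200 ssh2
"""

# Constructed sample `last` output (the wtmp view) for the same host and day.
# The root session from 198.51.100.23 is deliberately absent, as a backdoored
# sshd that suppresses its wtmp record would leave it.
LAST_OUTPUT = """\
bob      pts/1        10.0.0.9         Thu Mar  3 11:45   still logged in
alice    pts/0        10.0.0.5         Thu Mar  3 09:14 - 09:58  (00:44)
reboot   system boot  5.10.0-amd64     Thu Mar  3 08:00   still running

wtmp begins Tue Mar  1 00:00:01 2022
"""

ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<host>\S+) port \d+"
)

def accepted_logins(auth_log: str) -> Counter:
    """Count sshd-accepted logins per (user, source host) in auth-log text."""
    counts = Counter()
    for line in auth_log.splitlines():
        m = ACCEPTED_RE.search(line)
        if m:
            counts[(m["user"], m["host"])] += 1
    return counts

def wtmp_sessions(last_output: str) -> Counter:
    """Count sessions per (user, host) in `last` output.

    Skips pseudo-users (reboot/shutdown) and the trailing 'wtmp begins' line.
    """
    counts = Counter()
    for line in last_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] in ("reboot", "shutdown", "wtmp"):
            continue
        counts[(parts[0], parts[2])] += 1
    return counts

def hidden_logins(auth_log: str, last_output: str) -> dict:
    """Return (user, host) pairs whose accepted logins outnumber wtmp sessions."""
    seen = wtmp_sessions(last_output)
    return {k: n - seen[k] for k, n in accepted_logins(auth_log).items() if n > seen[k]}

if __name__ == "__main__":
    for (user, host), missing in hidden_logins(AUTH_LOG, LAST_OUTPUT).items():
        print(f"{missing} accepted login(s) for {user} from {host} absent from wtmp")
```

This only catches a patched sshd that still writes the auth-log entry, so it is most useful against logs shipped off the host, where the backdoor cannot rewrite them after the fact.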