Secure Shells in Shambles

February 28, 2025 Yanac

The Secure Shell (SSH) protocol has survived as an internet-facing management protocol for almost 30 years. Over the decades it has transformed from a single patented codebase to a multitude of implementations available on nearly every operating system and network-connected device.

This presentation dives deep into the Secure Shell protocol, its popular implementations, what’s changed, what hasn’t, and how this leads to unexpected vulnerabilities and novel attacks. An open source tool, dubbed “sshamble”, will be demonstrated, which reproduces these attacks and opens the door for further research.

By:
HD Moore | Founder & CEO, runZero
Rob King | Director of Security Research, runZero

Full Abstract and Presentation Materials:
https://www.blackhat.com/us-24/briefings/schedule/#secure-shells-in-shambles-40393Black HatRead More