Learn how to identify compromised SSH servers at Internet scale through a novel methodology that leverages SSH's public key authentication behavior. Discover a technique that uses SSH's challenge-response mechanism to detect malicious public keys on systems without requiring access credentials or system penetration. Explore the research findings that identified over 21,700 unique compromised systems across 1,649 ASes and 144 countries using 52 verified malicious keys from threat intelligence sources. Examine real-world case studies including the 'fritzfrog' IoT botnet, 'teamtnt' malicious actors, and state-actor associated keys within sensitive autonomous systems. Understand the limitations of honeypot data in representing attacker activities and learn about collaborative efforts with national CSIRTs and the Shadowserver Foundation for system remediation and continuous monitoring.