SSH Authorized Keys are widely used as credentials for remotely accessing Linux-based systems via SSH. Adversaries can manipulate these keys to give themselves persistence in your environment so they can return at will. Get hands-on detecting and mitigating this adversary action today.
After completing MITRE ATT&CK TTP content, learners should be able to:
- Detect adversary usage of a technique or sub-technique in a hands-on environment.
- Explain possible approaches for setting up detection rules and recommending mitigations for the technique.
- Describe how an adversary might chain this technique together with adjacent or related techniques in order to accomplish objectives on goal.
- Provide examples of real-world procedures that illustrate the techniques.