Poor SSH Configuration Missing From Off-Chain Attacks

manifoldfinance / defi-threat

a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations on decentralized finance

Mozilla Public License 2.0

485 stars 53 forks source link

Poor SSH Configuration Missing From Off-Chain Attacks #11

Open bonedaddy opened 2 years ago

bonedaddy commented 2 years ago

Is your feature request related to a problem? Please describe. Backend servers are often used for things like compounders, apis, oracles, etc.. This requires remote access, usually through SSH. Default SSH configurations are dogshit, often permitting root access with password enable ssh.

Describe the solution you'd like

Add SSH as an off-chain attack

Describe alternatives you've considered Telnet? /s