SSH Authorized Keys
Adversaries may modify the SSH <code>authorized_keys</code> file to maintain persistence on a victim host. Linux distributions, macOS, and ESXi hypervisors commonly use key-based authentication to secure the authentication process of SSH sessions for remote management. The <code>authorized_keys</code> file in SSH specifies the SSH keys that can be used for logging into the user account for which the file is configured. This file is usually found in the user's home directory under <code><user-...
BY SOURCE
PROCEDURES (10)
Auto-extracted: 2 detections for remote
Auto-extracted: 2 detections for c2
Auto-extracted: 1 detection for suspicious
Auto-extracted: 1 detection for exfiltrat
Auto-extracted: 1 detection for suspicious
Auto-extracted: 1 detection for service
Auto-extracted: 1 detection for container
Auto-extracted: 1 detection for process creation monitoring
Auto-extracted: 1 detection for network connection monitoring
Auto-extracted: 1 detection for privilege