Daniel Roberson - SSH keystroke timing attack

SSH keystroke timing attack

2024-09-13

A SSH keystroke timing attack occurs when an adversary is able to capture packets of ssh sessions, and measure the timing between keystrokes. Using this timing data, the adversary may be able to infer what was typed by the user using a variety of methods.

timinganalysisssh-song_wagner_tian2001

Links to this note

sending ssh packets at a flat rate to obscure keystroke timings

Recent Posts

Linux Persistence: Modular Software

2025-04-17 DFIR CTF persistence linux persistence apache asterisk

Linux Persistence: Web Shells

2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP

Linux Persistence: Rootkits

2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking

Linux Persistence: Processes

2025-04-11 DFIR persistence processes linux persistence processes

Defanging Linux LKM Rootkits With cleanup_module()

2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit