Active and Passive Collection of SSH key material for cyber threat intelligence
Abstract
This paper describes a system for storing historical forensic artefacts collected from SSH connections. This system exposes a REST API in a similar fashion as passive DNS databases, malware hash registries, and SSL notaries with the goal of supporting incident investigations and monitoring of infrastructure.
0
Turn this paper into a full lesson
ArcXiv compiles a staged curriculum from this paper: 8-12 lessons across beginner → advanced, synthesised section guides, visuals, flashcards, a quiz, exercises, and on-demand deep dives per section. Grounded in the abstract, never invented.