SSH key extraction from sshd process memory.
Scans sshd process heap and mapped memory for SSH public key material
(e.g. ssh-rsa, ssh-ed25519). During incident response this reveals
lateral movement paths and compromised credentials by recovering keys
that were present in the SSH daemon’s address space at the time of
the memory capture.
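A sketch of how such a scan can reject false positives, added here as an example and not taken from this crate's implementation. It assumes a candidate counts only when its base64 blob decodes to the SSH wire header (big-endian u32 length followed by the key type name); `scan_ssh_pubkeys`, `b64_decode` and the sample buffer are hypothetical.

```rust
// Added example; sample data is constructed, names are illustrative.
const KEY_TYPES: [&str; 2] = ["ssh-rsa", "ssh-ed25519"];

/// Decode standard base64, stopping at padding or any non-alphabet byte.
fn b64_decode(s: &[u8]) -> Vec<u8> {
    let (mut out, mut acc, mut bits) = (Vec::new(), 0u32, 0u32);
    for &c in s {
        let v = match c {
            b'A'..=b'Z' => c - b'A',
            b'a'..=b'z' => c - b'a' + 26,
            b'0'..=b'9' => c - b'0' + 52,
            b'+' => 62, b'/' => 63,
            _ => break,
        };
        acc = (acc << 6) | u32::from(v);
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
        }
    }
    out
}

/// Hits are (offset, "type base64") whose blob starts with u32 length + type name.
pub fn scan_ssh_pubkeys(mem: &[u8]) -> Vec<(usize, String)> {
    let mut hits = Vec::new();
    for &kt in KEY_TYPES.iter() {
        let prefix = format!("{} ", kt).into_bytes();
        let mut hdr = (kt.len() as u32).to_be_bytes().to_vec();
        hdr.extend_from_slice(kt.as_bytes());
        for (off, win) in mem.windows(prefix.len()).enumerate() {
            if win != prefix.as_slice() { continue; }
            let body = &mem[off + prefix.len()..];
            let is_b64 = |b: &u8| b.is_ascii_alphanumeric() || b"+/=".contains(b);
            let end = body.iter().position(|b| !is_b64(b)).unwrap_or(body.len());
            if b64_decode(&body[..end]).starts_with(&hdr) {
                hits.push((off, format!("{} {}", kt, String::from_utf8_lossy(&body[..end]))));
            }
        }
    }
    hits
}

fn main() {
    // Constructed buffer: a usage-string decoy, then an all-zero ed25519 key.
    let key = format!("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAAA{} ir@host\n", "A".repeat(40));
    let mem = [&b"\x00\x7fssh-rsa keys accepted\x00"[..], key.as_bytes()].concat();
    println!("{:?}", scan_ssh_pubkeys(&mem));
}
```

The decoy string `ssh-rsa keys accepted` matches the text prefix but fails the header check, so only the ed25519 entry is reported.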
Functions
- extract_ssh_keys - Extract SSH public keys from sshd process memory.