ssh

Detect an SSH login after social engineering
Detect an SSH login after social engineering
In this article, we are addressing the challenge presented by detecteam.com. “We have published one year of ssh logins/logouts of a valid administrator; However the account has been compromised using social engineering similar to the MGM attack which led to a ransomware being deployed.” ― Detecteam So here is the openssh.log_.zip (mirror) dataset and its associated openssh.log_.zip.format parsing file. It’s looking like typical OpenSSH logs: Sep 24 08:46:18 bidizidomo sshd[26168]: Accepted password for iworkinacasino from 173.