BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//pretalx.devconf.info//devconf-cz-2026//talk//PVPDED
BEGIN:VTIMEZONE
TZID:CET
BEGIN:STANDARD
DTSTART:20001029T040000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
TZNAME:CET
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000326T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=3
TZNAME:CEST
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-devconf-cz-2026-PVPDED@pretalx.devconf.info
DTSTART;TZID=CET:20260618T101500
DTEND;TZID=CET:20260618T105000
DESCRIPTION:In modern infrastructure\, SSH remains the backbone of secure r
 emote administration\, but its advanced features have created unexpected a
 ttack surfaces. This talk explores three critical OpenSSH vulnerabilities 
 (CVE-2023-51385\, CVE-2025-61984\, CVE-2025-61985) that demonstrate how at
 tackers exploit expansion tokens in ProxyCommand\, LocalCommand\, and matc
 h exec directives.\nThrough live demonstrations\, I'll show how malicious 
 usernames\, hostnames\, and SSH URIs achieve arbitrary code execution via 
 shell metacharacters\, control character injection\, and null byte truncat
 ion attacks.\nDrawing from my experience fixing these CVEs in enterprise R
 HEL environments\, I'll walk through real exploitation scenarios affecting
  CI/CD pipelines\, corporate jump host architectures\, and automated deplo
 yment systems.\n\nI'll demonstrate how a single malicious SSH URI can comp
 romise entire CI/CD pipelines\, and how control characters in LDAP-sourced
  usernames enable lateral movement across production networks.
DTSTAMP:20260430T124929Z
LOCATION:E112 (capacity 156)
SUMMARY:Shell Injection Evolution: From SSH URIs to ProxyCommand Exploits -
  Suyash Nalawade
URL:https://pretalx.devconf.info/devconf-cz-2026/talk/PVPDED/
END:VEVENT
END:VCALENDAR