Hi there! This is part of a regular series of posts in which we’ll highlight useful, interesting, and otherwise cool queries for use with Censys Search and ASM. If you have any questions, similar queries, or custom versions of this week’s highlight, let us know!

This week we’ve got a good starting point query for finding SSH running on nonstandard ports:
 

services: (service_name:ssh and not port:{22, 2222})

ASM users can prepend hosts. to the query to use it on their hosts inventory to build a more complete picture of their attack surface:

host.services: (service_name:ssh and not port:{22, 2222})

Have you used a query like this for threat hunting? Let us know!