Quote:
Originally Posted by sendersu
According to the kernel module, it works with the keyboard only, e.g. register_keyboard_notifier(), etc.
ssh/putty (=telnet) are not using the keyboard; they are network (socket) based protocols, so one would need to intercept TCP/UDP sockets... that's a totally different type of logger, I guess.
Keep in mind you might have thousands of open sockets in a system (and just 1 keyboard!)

Why not hook into SSH-related processes and steal credentials or session traffic?
Like the Gyrfalcon malware (according to Vault 7 WikiLeaks): https://wikileaks.org/vault7/document/Gyrfalcon-2_0-User_Guide/Gyrfalcon-2_0-User_Guide.pdf