kernel-based keylogger for Linux

sh3dow · #7 10-27-2017, 21:28

Quote:

Originally Posted by sendersu

According to kernel module it works with keyboard only, eg: register_keyboard_notifier(), etc

the ssh/putty(=telnet) are not using keyboard, they are network (socket) based protocols, so one would need to intercept tcp/udp sockets.... thats totally different type of logger I guess

keep in mind you might have thousands of open sockets in a system (and just 1 keyboard!)

why not hook into SSH-related processes and steal credentials or session traffic.
like gyrfalcon malware (according to Vault 7 Wikileaks) https://wikileaks.org/vault7/document/Gyrfalcon-2_0-User_Guide/Gyrfalcon-2_0-User_Guide.pdf

Thread Tools
Show Printable Version Email this Page
Display Modes
Switch to Linear Mode Switch to Hybrid Mode Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Systrack - Linux kernel syscall implementation tracker	blue_devil	Community Tools	0	03-21-2024 15:06
Hades:Windows kernel driver lets reverse engineers monitor user and kernel mode code	sh3dow	Source Code	0	05-12-2016 03:15
IDA remote debug Linux Kernel	Sergey Nameless	General Discussion	3	04-03-2012 04:12

The Following User Says Thank You to sh3dow For This Useful Post:
nimaarek (10-28-2017)