HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 54 guests and 2 members online
 
Advertisement

You are here: Home arrow EH-Netarrow Special Eventsarrow [Article]-Video: Keyloggers 101
EH-Net
May 22, 2013, 03:35:42 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: [Article]-Video: Keyloggers 101  (Read 36650 times)
0 Members and 1 Guest are viewing this topic.
don
Editor-In-Chief
Administrator
Hero Member
*****
Online Online

Posts: 4165


Editor-In-Chief


View Profile WWW
« on: October 30, 2011, 08:09:19 PM »
Seems like a simplistic topic, but keyloggers are one of the basic tools used in attacks. Even for you pros out there, it never hurts to go back and review the basics. You'll never know what you'll find useful. Thanks Dan. We look forward to more of your videos in the coming months, especially the next one on Proxychains + TOR.

Permanent link: [Article]-Video: Keyloggers 101

Quote


Dan Honkanen, GCIH, Security+, ITIL, et al

Keyloggers are usually one of the top picks for a hacker or a spy's best friend. They basically serve as the eyes and ears of the attacker. They can be based on software or hardware and send detailed reports including the user's passwords, chat logs, all typed text, launched applications and visited websites. They can even send screenshots to visually show what the user was viewing as well as any webcam and microphone activity. Most laptops today come with a built-in webcam and microphone and don't usually give any signal that they have been enabled. Any person who uses that computer will have all their activities monitored and recorded in an encrypted log which only the attacker can access.

In this video, I will present the basics of keyloggers and  also demonstrate a couple of my favorite keyloggers, their features, how hidden they are and how to prevent and detect keyloggers in general. At the end of this primer, the viewer should be able to fully understand where keyloggers fit into both sides of the equation.


As always, please offer your feedback,
Don
Logged
CISSP, MCSE, CSTA, Security+ SME
millwalll
Guest
« Reply #1 on: October 31, 2011, 04:40:23 AM »
very interesting does anyone ever use a key logger these days ?
Logged
White ghost
Newbie
*
Offline Offline

Posts: 36


Im a ghost from paradise


View Profile
« Reply #2 on: October 31, 2011, 05:20:42 AM »
i dont think so i thik social engineering is batter plan
but some times it fails
Logged
MCITP CCENT
hayabusa
Hero Member
*****
Offline Offline

Posts: 1632



View Profile
« Reply #3 on: October 31, 2011, 07:28:59 AM »
Quote from: Jamie.R on October 31, 2011, 04:40:23 AM
very interesting does anyone ever use a key logger these days ?

I use them frequently.  Far too often, pushing out a keylogger get me creds for an application or server / network.  Depending on what I'm up to, and what I'm after, I might combine it with some social engineering, for example, such as causing a workstation or app crash, getting helpdesk or admin personnel to login to look at things, and grabbing their credentials, or just to grab usernames, passwords and web app URL's, etc., from 'Joe user.'

But yeah, most pentesters I know still use keyloggers, frequently, under a variety of circumstances.
Logged
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'

OSCE, OSCP , GPEN, C|EH
White ghost
Newbie
*
Offline Offline

Posts: 36


Im a ghost from paradise


View Profile
« Reply #4 on: October 31, 2011, 07:52:39 AM »
Yeh because using keylogger id very easy for them but
Phishing and social engineering is the best methods
Logged
MCITP CCENT
lorddicranius
Sr. Member
****
Offline Offline

Posts: 447



View Profile WWW
« Reply #5 on: October 31, 2011, 10:26:55 AM »
Quote from: White ghost on October 31, 2011, 07:52:39 AM
Yeh because using keylogger id very easy for them but
Phishing and social engineering is the best methods

I think it depends on the situation and what you're after.  Yes, phishing and SE can help you get usernames and passwords, but as the article reads in the first paragraph, keyloggers are much more than just getting usernames and passwords.

Quote
They can be based on software or hardware and send detailed reports including the user's passwords, chat logs, all typed text, launched applications and visited websites. They can even send screenshots to visually show what the user was viewing as well as any webcam and microphone activity.

You highly unlikely that you're going to get chat logs, a complete history of keystrokes, launches applications, and websites a user has visited from a phishing attack or SE'ing.  Yes, you can get other information via phishing and SE, but as I said, it all depends on the situation and what you're after.  You use the best method for the situation at hand, and keyloggers definitely still have their place (as hayabusa has said).
Logged
GSEC, eCPPT, Sec+
p0et
Full Member
***
Offline Offline

Posts: 197



View Profile
« Reply #6 on: October 31, 2011, 11:11:23 AM »
Hey Guys.  I know many have forgotten about keyloggers and just went onto phishing/SE'ing but I also know there are many of us (myself included) who still use them often.  I've used them as hayabusa described by having an admin come over to my workstation to "help" me or have a look at something, punch in his/her admin creds and I've instantly got elevated credentials.  I also know of quite a few parents who use commercial keyloggers to monitor their kids whereas other parents feel it's an invasion of privacy.  

Anyway, after finding out just how popular they still are, I decided to make up a little vid about them.  A few people recommended one certain keylogger which I haven't used before.... turns out it's quite the nasty little rootkit as well.  (restored the OS and it keeps coming back.  having fun though trying to remove it) lol

Forgot to mention that while researching keyloggers, I ran into several websites (including AV and CERT sites) which all say in the last year or two that "keyloggers have pushed phishing out of first place as the most-used method in the theft of confidential information". 
« Last Edit: October 31, 2011, 11:26:39 AM by p0et » Logged
GCIH, Security+, Network+, A+, MCP, DCSE
p0et
Full Member
***
Offline Offline

Posts: 197



View Profile
« Reply #7 on: October 31, 2011, 02:54:20 PM »
Umm.. thanks Mike but I'll leave your goat milk for someone else's skin.  Huh
Logged
GCIH, Security+, Network+, A+, MCP, DCSE
bpecan
Newbie
*
Offline Offline

Posts: 1


View Profile
« Reply #8 on: November 17, 2011, 03:56:06 PM »
One question about the video... I tried to download the free ardamax keylogger the video shows but when downloaded, it's actually a reg cleaner.  The other two keyloggers are not really free.  Would you know of any other free ones?  Thanks
Logged
CISSP|CEH|SEC+|ITIL
p0et
Full Member
***
Offline Offline

Posts: 197



View Profile
« Reply #9 on: November 17, 2011, 08:54:58 PM »
hmm.. I'll take a look and pm ya back. :-)
Logged
GCIH, Security+, Network+, A+, MCP, DCSE
nytfox
Newbie
*
Offline Offline

Posts: 20



View Profile
« Reply #10 on: November 28, 2011, 01:02:07 AM »
I haven't used key loggers for a long time as just KeyLoggers. but used in alota spyware applications right ? well even meterpreter has key stroke recorder which comes handy somtimes
Logged
Unlike others I love NULLS
http://treasuresec.com
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.583 seconds with 24 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.