Is this keylogger on your computer?

      We all know about hardware- and software-based keyloggers, but I think there’s actually another one that is on just about every computer: the human keylogger.  These are the most common, and perhaps most sophisticated, keyloggers; they organize keystrokes into nicely formatted documents, Facebook posts, e-mails, etc., and have a few unique benefits:

      1.  They log keystrokes years before you ever got access, giving you the ability to go back in time!  Sometimes all the passwords are already conveniently logged in a file called passwords.txt.

      2.  Logs from human keyloggers often end up on multiple computers via the network.  So if you gain access to a computer and get the users’ e-mail, you can see not only the keystrokes that your target has entered, but the keystrokes from people responding.  The same applies for documents on network shares.

      3.  You sometimes don’t even need to gain access to a target computer, and can learn quite a bit by using OSINT.

      4.  Not only do keystrokes get logged, but so does general user activity like browser history, program execution, contacts, file system activity, Wi-Fi networks used, etc.

      5.  No malware or hardware needs to be installed; human keyloggers are FUD.

      That’s an interesting take on things. Yes, people do have a habit of storing interesting info like passwords in plaintext files. While they are not exactly keyloggers, it’s basically a different means to the same end. Trawling home directories is a great way to start privilege escalation and jumping to other systems and services.


