0. Basic Keyloggers

Basic keyloggers are commonly built using functions like GetAsyncKeyState or SetWindowsHookEx from the Windows API to capture keystrokes. These functions allow a program to intercept and record keyboard input by monitoring key presses and releases. However, they are frequently monitored and easily detected by EDR/AV software, because these security tools hook the underlying native functions to identify suspicious activity. To evade detection, more advanced techniques, such as direct system calls (syscalls), are used.
Basic code

```c
#include <windows.h>
#include <stdio.h>

/* Reads the current clipboard text through the ordinary Win32 wrappers. */
int main(void) {
    HWND owner = GetConsoleWindow();
    if (!OpenClipboard(owner)) {
        return 1;
    }
    HANDLE h = GetClipboardData(CF_TEXT); /* a clipboard HANDLE, not an HWND */
    if (h != NULL) {
        char *text = (char *)GlobalLock(h); /* lock the global block to get a usable pointer */
        if (text != NULL) {
            printf("Clipboard: %s\n", text);
            GlobalUnlock(h);
        }
    }
    CloseClipboard();
    return 0;
}
```

In our basic code, we're using 4 Win32 functions that we would like to evade: GetConsoleWindow(), OpenClipboard(), GetClipboardData() and CloseClipboard(). Therefore, we need to understand which native functions these Win32 wrappers ultimately call down into the kernel:

OpenClipboard -> NtUserOpenClipboard
GetClipboardData -> NtUserGetClipboardData
CloseClipboard -> NtUserCloseClipboard
GetConsoleWindow() -> more complex, but ends up in ntdll.
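From the defender's side, the Win32 wrappers named above are also what static triage keys on. The following YARA rule is an added example, not part of the original post; it flags PE files that import the keystroke or clipboard APIs discussed here (the rule name and description are my own):

```yara
import "pe"

rule win32_keystroke_or_clipboard_capture_imports
{
    meta:
        description = "Static triage: PE imports the Win32 keystroke/clipboard APIs named in the post"
    condition:
        // MZ header, then the user32 wrappers a basic implementation imports
        uint16(0) == 0x5A4D and
        (
            pe.imports("user32.dll", "GetAsyncKeyState") or
            pe.imports("user32.dll", "SetWindowsHookExA") or
            pe.imports("user32.dll", "SetWindowsHookExW") or
            (
                pe.imports("user32.dll", "OpenClipboard") and
                pe.imports("user32.dll", "GetClipboardData")
            )
        )
}
```

As the post's thesis implies, a sample that goes straight to the NtUser* syscalls carries none of these imports, so this rule only covers the basic variant and must be paired with behavioural detection of the underlying native calls.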
