Advanced Linux Kernel Keylogger presented at HITBSecConf Malaysia 2003

by Red Dragon

Tags: Security Monitoring

Summary: This presentation will discuss some of the more advanced techniques in writing kernel-based keyloggers and will present the newest release of THC-vlogger 2.1, with new keystroke logging techniques and more features such as centralized logging. THC-vlogger, first presented in Phrack Magazine #59, can log the keystrokes of all administrator and user sessions via console, serial port and Telnet/SSH remote sessions, switch logging modes by using magic passwords, and stealthily send logged data to a centralized remote server.
Its smart mode can automatically detect password prompts to log only sensitive user and password information. This talk will also discuss the tool recently published in PHC's 'fake' Phrack #62 that deals with the detection and disabling of Sebek, a host-based honeypot monitoring tool of the Honeynet Project. The presentation will also discuss the advantages of THC-vlogger 2.1 over Sebek and other similar keylogger tools.