The Eye of Sauron: How (not) to build an LKM keylogger

The Eye of Sauron is a Loadable Kernel Module keylogger proof-of-concept that I’ve developed for fun and learning. This presentation will document its development and outline the steps necessary for a) writing a keylogger as a Loadable Kernel Module for Linux kernels, b) making the LKM a little more stealthy, c) giving the LKM a little command and control and d) giving it a means of exfiltrating the data off of the system.

Register Today!