Keylogging!

Today I utilized my first keylogger. A keylogger is an application which secretly records every key you press to a well-hidden text file for later viewing.

This would be a good time to bring up something known in the Information Security world as ethical hacking philosophy. In a nutshell, this means understanding that with great power comes great responsibility: the responsibility to help make this world a better place, not a more dangerous and divided one. Techniques like this should not be used for petty gain or malicious purposes.

What exactly constitutes ethical vs unethical can become blurred as white hat hackers (legal hackers tasked with protecting an organization or agency) attack back against black hat hackers (illegal, criminal hackers with malicious intent who initiate a breach with the purpose of stealing data, shutting down a company's infrastructure, or compromising their target nation's national security). So if a black hat hacker set off the chain of events by stealing data or shutting down a company's infrastructure, and in response, a remote keylogger is placed on the attacker's machine by a white hat hacker to gather data or access their system and stop the threat, is that considered ethical? How about using "honeying" methods to have a black hat hacker open up a decoy file on your website or server containing a geolocation tracker that alerts you to where exactly in the world the attacker is based? I would argue that in both these cases, it is ethical as these techniques were not done pre-emptively, but rather in response to a malicious action. Many, though perhaps not all, top information security experts would agree.

My understanding so far of keyloggers is that many run on Python. Some can even be customized to automatically send the log of keystrokes to your email. After having spent some time experimenting with different ones and running into issues with several, I have settled on recommending the one at the link below, which features a custom Python script created by network/security expert and instructor, David Bombal:
https://www.youtube.com/watch?v=XKoTwepEzPI
Here is the link for his Python script:
https://github.com/davidbombal/CompTIA-Security-Plus/blob/main/python-keylogger

This video shows how you can use the author's custom-created Python script to log keystrokes on a Windows machine and have them automatically sent to a text file. This involves downloading Python, creating a new project, copying and pasting the code provided in the link in the video's description, and then saving the file.

Important note: When downloading Python, check off all of the options for additional features in its setup screen, including "pip path". Afterward, hop into command prompt (run as admin) and type:
pip install pynput
This installs a module required for keyboard input to properly work. If you are running Windows Defender (which, on a Windows machine, you should be), it will likely trigger an alert at the suspicious executable .pyw file (Python file) you created. Choose "allow" so we can see it working for test purposes. There are actually ways to disguise this file and keep it from being detected as a threat by Windows Defender, a technique known as "obfuscation". But I will not be getting into that on this particular post.

Once the Python file is double-clicked.....nothing happens......well......at least it looks that way. But now start typing. Do a search from the Windows Start menu, open up Chrome and search for a website on Google. Hop onto Gmail and enter your username and password as an example and you will soon discover that it is all being recorded in the keylogs.txt file. Open that file to see a plethora of sensitive data you've typed, going vertically down the page, key by key. What you did when you double-clicked that Python file was launch an executable file that shows no indication of itself opening or running to the naked eye. Hop into Task Manager, however, and you will see Python running. That is the process collecting your keystrokes. Ending the Python task(s) will immediately end the keylogging process, though all that is logged already will remain on record.
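Seen from the defender's side, a script like the one described above can be triaged without running it. The following is an added example, not part of the original post or the linked repository: it parses a Python file and reports whether it installs a pynput keyboard hook and whether it is a windowless .pyw file. The function name, file names and sample sources are constructed for illustration.

```python
import ast

TARGET = "pynput.keyboard.Listener"

# Constructed samples (not the linked script); the callback body is left empty.
SUSPECT_SRC = """from pynput import keyboard as kb
def on_press(key):
    pass
with kb.Listener(on_press=on_press) as listener:
    listener.join()
"""
BENIGN_SRC = """# notes: pynput.keyboard.Listener(on_press=...) is the hook API
from pynput.mouse import Controller
Controller().position = (0, 0)
"""

def _dotted(node):
    """Turn a Name/Attribute chain such as kb.Listener into 'kb.Listener'."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if not isinstance(node, ast.Name):
        return None
    return ".".join([node.id] + parts[::-1])

def keyboard_hook_indicators(filename, source):
    """List signs that a script installs a pynput keyboard hook."""
    tree = ast.parse(source)
    aliases = {}  # local name -> fully qualified name it refers to
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for a in node.names:
                top = a.name.split(".")[0]
                aliases[a.asname or top] = a.name if a.asname else top
        elif isinstance(node, ast.ImportFrom) and node.module:
            for a in node.names:
                aliases[a.asname or a.name] = f"{node.module}.{a.name}"
    findings = []
    for node in ast.walk(tree):
        name = _dotted(node.func) if isinstance(node, ast.Call) else None
        head, _, rest = (name or "").partition(".")
        full = aliases.get(head, head) + ("." + rest if rest else "")
        if full == TARGET:
            hooks = sorted(k.arg for k in node.keywords if k.arg in ("on_press", "on_release"))
            findings.append(f"line {node.lineno}: keyboard Listener, callbacks={hooks}")
    if findings and filename.lower().endswith(".pyw"):
        findings.append("windowless .pyw: runs under pythonw.exe without a console")
    return findings
```

Because the check works on the parsed syntax tree, a comment that merely mentions the hook API is not flagged, while aliased imports such as `from pynput import keyboard as kb` still are.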





   




