Step By Step Keylogger — An Educational Guide — Part 1
This guide series will walk you through how I built a keylogger, starting with a basic example and slowly adding features. I will also show the malware analysis techniques I used to analyze my keylogger. I will include my entire process for managing this project, including my goals, scope, tools, and documentation.
This is for educational purposes only. Use the information you learn here responsibly. I am not responsible for your misuse or abuse of the information you have learned from this article.
Project Goals
My goals for this project are:
- Develop a keylogger written in C/C++ that causes alerts for Windows Defender and VirusTotal.
- Use antidetection mechanisms (Obfuscation, Anti-VM, Anti-Disassembly, and Anti-debug) to resolve alerts.
- Classify the malware with YARA rules and identify MITRE ATT&CK techniques used.
Project Phases
I am splitting this project into three phases:
Phase 1: Features: In this phase I will be adding features and trying to get Windows Defender and VirusTotal to recognize this software as malicious. I will progressively add features to the malware.
Phase 2: Anti-Detection: In this phase I will be adding mechanisms to hide the malware, such as obfuscation, anti-VM, anti-disassembly, and anti-debug.
Phase 3: Documentation and Reverse Engineering: In this phase I will thoroughly document the malware, utilize reverse engineering tools, and demonstrate malware analysis skills.