Windows Console Monitoring

This is a demonstration version of how to monitor the Windows console (starting from Windows 8). The concept was based on the two-part article series on the FireEye blog, but the source code wasn't released, so I decided to write a POC of my own. Let me know if you want more features. The 2-part articles of FireEye …


Windows Keylogger Part 2: Defense against user-land

Now, this is the interesting part. Recall from part 1, where I showed you 4 hooking methods used in Windows user mode; today we will analyze each of them to answer one question: how do you detect it? Let's see! Windows test machine: Windows 7 x86: version 6.1.7601.17514 (Service Pack 1, Build 7601); ntoskrnl.exe: 6.1.7601.17514 (win7sp1_rtm.101119-1850), …