- Course
Sandworm: Keylogging Emulation
Discover how Advanced Persistent Threat (APT) Actors, such as Sandworm, use keylogging for input capture in victim environments to acquire credentials for new access opportunities within victim environments.
Intermediate
- Course
Sandworm: Keylogging Emulation
Discover how Advanced Persistent Threat (APT) Actors, such as Sandworm, use keylogging for input capture in victim environments to acquire credentials for new access opportunities within victim environments.
Intermediate
Get started today
Access this course and other top-rated tech content with one of our business plans.
Try this course for free
Access this course and other top-rated tech content with one of our individual plans.
This course is included in the libraries shown below:
- Security
What you'll learn
During the 2015 Ukraine Electric Power Attack, Sandworm used keylogging to gather account credentials via a BlackEnergy keylogger plugin. Adversaries log keystrokes to intercept credentials as the user types them to acquire credentials for new access opportunities when other credential dumping techniques fail. In this course, Sandworm: Keylogging Emulation, you’ll discover the many different ways an attacker can capture keystrokes, including Hooking API callbacks, reading raw keystroke data from the hardware buffer, as well as custom scripts.
Sandworm: Keylogging Emulation
Intermediate
Table of contents
Matt has a degree in Chemical engineering and a PhD in mathematical chemistry. He is also a GIAC certified incident handler and penetration tester and has regulated cyber security in the UK civil nuclear sector for many years.