From 0d51ad8706ab9b1deab91f272d96fc48eb97581e Mon Sep 17 00:00:00 2001 From: Sebastian Lenzlinger <74497638+sebaschi@users.noreply.github.com> Date: Wed, 10 May 2023 21:12:05 +0200 Subject: [PATCH] Update dev_journal.md --- doc/dev_journal.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/doc/dev_journal.md b/doc/dev_journal.md index 035b8b8..9c12eb3 100644 --- a/doc/dev_journal.md +++ b/doc/dev_journal.md @@ -60,7 +60,13 @@ make -C /lib/modules/6.0.7-301.fc37.x86_64/build M= modules make[1]: *** /lib/modules/6.0.7-301.fc37.x86_64/build: No such file or directory. Stop. make: *** [Makefile:4: all] Error 2 ``` -[This](https://github.com/jarun/spy) named 'spy' could be installed after installing dkms with `make -f Makefile.dkms`. Then `$ sudo insmod kisni.ko`. +[This](https://github.com/jarun/spy) keylogger named 'spy' could be installed after installing dkms with `make -f Makefile.dkms`. Then `$ sudo insmod kisni.ko`. Then `sudo cat /sys/kernel/debug/kisni/keys` will show keys that have been pressed. +After installing some updates and restarting the machine in the VM (Fedora 37) (it updated the kernel) [this](https://github.com/arunpn123/keylogger) was installable but some time after inserting it into kernel the VM freezes. Could replicate a second time. +It seems after restart kernel modules must be reinserted (even though spy was inserted using dkms). +#### Next Steps: +1. Test some more user space keyloggers and see if it is truly basicallly always very easy to detect them. +2. Figrue out how to detect kernel module kerlogger w/o just scanning for suspiciously named logfiles. +
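Review bot: The parenthetical in the added line "It seems after restart kernel modules must be reinserted (even though spy was inserted using dkms)" does not match the first added line, where the module is loaded with `sudo insmod kisni.ko`. insmod only loads a module into the running kernel, and DKMS handles building the module for installed kernels rather than loading it at boot, so having to reinsert after a restart is expected behaviour; I'd record it as such instead of as an open question. The freeze entry for arunpn123/keylogger should note the kernel version after the update and any kernel log output captured before the hang, since the only version in the journal is the 6.0.7-301.fc37 one from the earlier build error. The three added prose lines sit on consecutive lines and will render as one Markdown paragraph, so separate them with blank lines if they are meant as separate entries. In Next Steps, fix "basicallly", "Figrue" and "kerlogger"; step 2 could also list the artifacts already observed here, such as the debugfs entry `/sys/kernel/debug/kisni/keys`, as starting points for detection beyond logfile names.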