From 72bbf7a575fa55f3266eea839f2f78e3726fb621 Mon Sep 17 00:00:00 2001 From: Sebastian Lenzlinger <74497638+sebaschi@users.noreply.github.com> Date: Tue, 13 Jun 2023 11:38:35 +0200 Subject: [PATCH 01/14] Stop Kernel Detector from allways running and crashing the system --- src/config.json | 4 ++-- src/kernel_detector.py | 0 src/keylogger_detector.py | 2 -- 3 files changed, 2 insertions(+), 4 deletions(-) mode change 100644 => 100755 src/kernel_detector.py diff --git a/src/config.json b/src/config.json index 12569c3..01af0f4 100644 --- a/src/config.json +++ b/src/config.json @@ -1,8 +1,8 @@ { "white_listed_programs": [ "systemd_logind", - "gnome-shell", - "systemd" + "systemd", + "gnome-shell" ], "auto_kill_programs": [], "kbd_names": [ diff --git a/src/kernel_detector.py b/src/kernel_detector.py old mode 100644 new mode 100755 diff --git a/src/keylogger_detector.py b/src/keylogger_detector.py index 591fa30..7220979 100755 --- a/src/keylogger_detector.py +++ b/src/keylogger_detector.py @@ -13,7 +13,6 @@ from utils import ( kill_processes, kill_process ) -from kernel_detector import run_kernel_detector # Global variables/CLI options @@ -294,7 +293,6 @@ def detect_keyloggers(): debug(debug_option, 'Kernel detection option: ' + str(kernel_detection_option)) -; if __name__ == '__main__': detect_keyloggers() From 522fb0a84720cacbf126e80e80ef8a505c5aeec0 Mon Sep 17 00:00:00 2001 
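Review bot: The first entry of `white_listed_programs`, kept as context in the config.json hunk, is spelled `"systemd_logind"`, but the login daemon's process name on systemd systems is `systemd-logind`. If entries are compared with process names, this one probably never matches, and the daemon would be reported or offered for killing; I would change the line to `"systemd-logind",`. The matching code is not part of this patch, so this is inferred. If the comparison is by name only, a process that merely carries a whitelisted name is skipped as well. Checking the resolved executable path (for example via `/proc/<pid>/exe`) alongside the name would make the whitelist a stronger control. The reordering of `"systemd"` and `"gnome-shell"` should not affect a membership test.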
From: Sebastian Lenzlinger <74497638+sebaschi@users.noreply.github.com> Date: Tue, 13 Jun 2023 11:39:09 +0200 Subject: [PATCH 02/14] Add QR Code to repository. --- doc/qr_code_kldetect_repo.png | Bin 0 -> 45612 bytes doc/research/acm_2390317.2390326.bib | 17 +++++++++++++++++ .../acm_financial_losses_due_to_malware.bib | 17 +++++++++++++++++ .../acm_risk_of_stolen_credentials.bib | 17 +++++++++++++++++ .../citation-strange-world-keyloggers.bib | 10 ++++++++++ 5 files changed, 61 insertions(+) create mode 100644 doc/qr_code_kldetect_repo.png create mode 100644 doc/research/acm_2390317.2390326.bib create mode 100644 doc/research/acm_financial_losses_due_to_malware.bib create mode 100644 doc/research/acm_risk_of_stolen_credentials.bib create mode 100644 doc/research/citation-strange-world-keyloggers.bib 
diff --git a/doc/qr_code_kldetect_repo.png b/doc/qr_code_kldetect_repo.png new file mode 100644 index 0000000000000000000000000000000000000000..8c9889890f69b8f7907a50bbeec989923883fb1f GIT binary patch literal 45612 zcmeFacUY6@)-Oy51PBojBLs&QMF>umfFQjiU;$|&QO6LfVgUsODTV+cDu@vfks_fe z7Df?t>~y6UMG+l^pn#w#2#gXza@G@c%AR+h_uAh%=ey3iuK8o{*|W)WKli=by~=N` z=ZK55!#wOFtcZxnyfuz?ZXzOR0rDS74E#SCqS2lrBI+V*?5sT^wvD{(+xM$vS^UGP zuWBZy3$F%TDDZb*ko48n?DObvnR1J)4C^$eKThWfrUwL+SQO4%1Wl+C!F>Op5nC`8 z>4F=%Kg%Zm?Qc`HvEv&g|NLv=gG|FfD?VcaH68J{KcNQleqZ^Imjt)Pjtd6SpFVzn z=^uY;vYhuX8-l;}3`iT{3)HW=#PiLzy7W5x}&XFC7(PH$eTlFMvwbd`nb z--uzwFaFy*tE#eBa%U>}u`y=<%AG1;z~9~(`ws*DpyB^625?9MH8r(h=knuhW~koS z^ykq~QHJefRt|XxC2P3%HA?nf=8r>t^L#&B#%LJx^R`c@(RuPXjqyG;xz|tco!u{W zZ_yrl+}4C^cA}L3E3vW&ct^&e0VAZQo>`?v8e@l z*25bkpPCd%M4lh+)7tkz<&XnCSYfJhqrkf(>-%% zgPZU*@sGCrcrW^6__I%Y1P11Jf3=HI#my+Ak3_r7GWKu}Ex_~~gMHomp;++S1ZnOl zvdB?rdP&DS5D`R&OH)tJ4y59rCa5AreeQEvkH+5AL zb0j_#GAoVS%7UZ(#CkVsQT*uA_(~ zELZATCNX#Fx=3EwsXIH>sqmMB6isHKBDoScZ{B<%t)%d10*ReIOp5A>hnTqpg*O0-9ES+0$qE3gwX&QF+{BA>n9g;%0;)3T#m3hjK?O zvS7rRKSw7%i-u{{^m{YBuWY5XBgMrR5gCS)!k9O=){0nUva4mWYvjpoXKzp=L6#fX z&k{z=a#c;rW5v)0!lOU+L&;)HV4D|fACOaP_R@f~(NeG0aRyJRmrFf6csu9c?jn8L z*-gW{GkR>C6~^hSh^8Bg*==O?YO7;Hwi!^X;+ZnQw6~?YNkt(q6enXPXmL~WMf{}= zyKD}eS)pb6Z+0OM%WjO!K6`_c#){5#YG~^m&i{9Z(^md0ZqBPdrCuSnu0X6&lcab%bXpEDy zA^3T0Cvg1;Jn7)sd;Iq9`J8qF!q~o>p99(zb$ezkpL@W{k1rEG+wNXGhKC=50O%Oa zPh{gHwFhW@yD(zH1rGzI6~ngE9t#P7XA2x@=jDVqDMHStMAhG`eV)w-o~_*Wh?Ns& z-<_==%XGlqymXQ=K(i1)WS(# zaIOw{0ars30om{8K>@k`=yV@BEpEbbjylJ~astg;V>xcK3)_l!hc+;(vQ>gr^~Qo# zUo~6PWEB3VTa5gngO$9jWFB8#4f_|-e5EE=SEO|}nE{4-jM6${ zAr>o@dMPclP`DldrTIb>G7M}!LZYL1x$iRu{Sq>k?`Rmp=8-#>h+vx(~%e!9!k!Yby&6)&Si{!d;3pSFBS()6% z6wQB6&$XlfTj?p-%GWtuw&Uq**M%vWa9%TI%a{%1l~szl!}tJKZ(HXB6*xWVa<9O+ zUqm-tO6vBUBBkP)r4G*%;-L*oG^*E)8ochSKlFSq$eFN|aNQo}W?& zZSW>Vbbc)bKN|GgCO^^IaeuUHC&sKC=hag_V~QB_PphpL-lb;7jq4Pem~365-CvaK zHaq&lI=!_t(`Gd|?dhM)KJUbkM^kLD<)l*AZbflbY$Qc!NQ$f{*10L21*_T`?Z{oG 
zEN8QfD6Z~<8(STy&Z6SGNh6>P;^vu%2~d0lA-X=x#-9Il_SCRO;`}Mop4J8<)rIB} z6O6lW&GyQou@6);QuwE9$SM3Hn&sJ29jqCC(pv$M2S+rb2=;6Rd##e}6MM}r)}X2t z>)T&0m_}Y^|L2#jeshN0QUD@qC=E7f!mSmtT+*jGwIKAwlM5uQ3g>8?EJHsS0gO={ zvhE`fm413~hbOJ{#8uNg>_ZT|Y*fQm@(AZ`f`_95SByYX4rN74CcoM=_W)mK$c5kQ zY;C_ko!ZbCrz&p->hdly?Ax$@|qQfIdLayelltAopg3Y{m&fBSibMqnsluGXg@6IwMJO%Oc7t;sZ4M{b4ul z-5S;arF(D1ld|c$tfQ*w0`2z)KRg9Ss<05LEc^?(;s;L^>8(X>CO*e%qmg=ohYi-M zj=)Q5v-&$1nd5@(SXT15?CkQ+HMk{X;dc=dFN+)-6hu5Z_(~OnPc|p3Osr&4l_%Cz z9$HJM;Uh>x)nr6(IT&D%;F!$vWM?nKC9fkqSm-#Nl)O7ypOoNb$$x%XQkyw7b2XT` zUM2uPf_Eg(g-1UHu zkHVUo93}%@P*qzZZ+7p26;X>{;Qk5wrHGxP+EPOfqQ&9$F2?5boIcm4$|6!H$y$UV zKKZ!X=?8GfybrdIkCyg~(?A0@js?)MO_j-SheD1OangX&m7x-@t7?6)3(ZLa_vaHY zt^gxVvDz&KRrY@+SF6q%|8&p?!wDkuVu+RGg#>);VO_8-%)fIHJs^09$0`k|&1^ZB zMzH6NMhHnf$!isSyf{&3jw2DGyi5iIvE@dCX@|b1*HnZB(Sr@dB7gQ4=S4p zxutvTAACHIl@OyTTZV5KK@6GF!as{lZd4g139hOhGICX|GeB-<9X}fxkjexPXJwIN zLSK|mF-aKc167OQO0degwaBXxD;)C6O+0At5wQbZ7jXU{H^fvofCIcNK)(&ClS-PHWtvoq{OVo}25qp0Rz$J+=# zD4&Djnm!5#Zh%|kJMYMJ^;eh9qTGegsZEUSgeHdOr35_9uZ|#EqnJz2WWmK^dZkVmG5zscdAgv3k}g>9DWzS}a9CF?LC2()A`K=pe8$VR z0Inzlr{~{JkUtYxw$}0EYWrlOdh|o3L}~*Ge7O2Wh_iKN$D=mvd-8y#K5oD=ZKKUm z9X%f$sxPUH(qdz;4bejv|4K8?R@}JbbjP%em?NP|FU#>iLr{zbdLVS-Ku5$d9iZ|1ed+Jz9fu z?Lf>aZqg;w=1r?=@PPnVmjG*7y`!4a+Zs;xRITemlC-(0?vn2|d#&$Vlj-j0bc`|a z0zApA7MveJ(i|u2{TujXNiygUYy7XAdmwYBW}YvNOgpMAsJXpho(f!lu&rg}GU{HVb^#Sf(o0 z-K)oYYJuBnI-Ewmkn@B^g^S|>lEV0_^Akt@{p^o>`th1>V-PQVwtaI59N#5F`M(I` zQshF;2-hl+E+Z++!8H=#3fBlrJ7S{uv`wIbxHFczyl{INkF|C9H?8}#$wHIG=T!L~ z{86xzXi_BqOG_-5-9kEannevG42?KJR)p`V#0swut{@6+4v!ryug}h< z;?t=e@kmxfao^deYSV(1LSsB&D|&q3=b0<4AXw`A;?2T>hMNbsmvgqT|9FgP{kByehgAHkm@%2y`E=}AX&Alx5| zGZg%)jZ{8Hks$nOjSqGMc!xUiShMvzsnPl)wQA}%O| z6jMH)QdoPYU=fDBKX5Tb1S%Mls5BjuJ9o~tYny#|>jFZE+$-*(`Zu9+TsX<&EL)Ex-5_ny8^q#Y#*kj^bP1Bp9GB~8?~KQ%pr8>RZ0*zi@w1uZIweTx zy|~Dvf^@#7hBSBd0?&Qe1=>>uRq=l|3$xt9 zB8zMkry4YkWCcwd@xl9#I;7U0S&;yn3gd$uv$M%snGOoptKS;md= zN`(U3W%Op8WTeo)%UsQ7w)ON&59H~9)ZKq2E#T#qUKY1Q9S2`&wY98*{WtlzZn&9s 
z1WX67`fJB6HPCIz$n)=o*+F4EJMdEKT^t!JVP~BNZaD}i9h++yb@$on)z+uQ%^OHr zH#99Lk;=a*Rm4PP zuFYb#bb&J@WcM#8pBvL?QJT^_Usaoqxy#p~^wzmF1oez4e@2vzsEhrk!QdfUKF;UJ zyV(SRQ3~^*Bbv$)9_k*I6g5YPd{BP!n2U=q@G4>3s;CLIMfN5ZC)f+6OjOCn7QpNiC12Q@u7j zU9vK`KbKt8{v7l51wF?I(!9jp$`#^FB&EY`ZmA5GZbxeWdUi8H}- z;>M2tbhXxkDl?ovM&4mJuh+RI{?6@@&L4e$d_h5KpsdFySP*E2tWwGH>S3mK z=E!)sgT;DtCd_jEt*X#wkfXUhulND;%WFvDf-B0nJNn7YweeYPYTm6y=;(*Hv|h?? z3e9W3Bg}}8hPiodj!JkJc)50N-{*Rzrwcf;t;28<5vW95&ovkjZ{Mxw(w%)IXL7J| zLD%nx+{yN^PIEt`pCmd#Nmp`IzRs+aiI)i9|Eze^1J9duq;x5L;YSH;ez~+TF>RuM z^)7m8v9Zeeb4b?0eE3l2KIWSYNGc3m_MA1P|FjCXt9~VtM;s7D^u9k>kXp`OY8h&P znJNg~a9i#2phaG|ERyT(9WE-p_DS+-`&KrJh@`5VDk0}ZRLkmQ1|3D1vD0*Clk}Ni z{kWxu3yg z+awb=9;gV^t9cf--RGdhTIX*}%#C{Vl`e$Ly!-$vCuC@KY>C{{>;+@ zUFnKuHyW+z!J7LXWeXtr^0O%X2_)}|ikrBTGyfqO+fwTipuYDpX4V9!`r?Uy-ZrHz zeTi!z8K_fqSy^nLeFadDRX*HNH!hQ&GZ@Cr@__&pM4H|ter8KRtWL(A&4}PVqm-(& z&oTUU%#Alk*0!l;%(OiD#+I8|)6qTVNSdEfoL2Mb`I4=cp(>aJVT$AHwr)jM^mb>7 zi`vMkuDmbN)`{4Y#;oaC-(Lh)uyoI6arhJbm}Xjp&B_@sq~bH#`7Ktj&d;0KPcXZA zsoCP5-Y+%t(x8+=bNtCzvMKK;pdL1`Gylkd3d#7JXmv| zM)x*7Gsp1y={@ZWPUe`C`KK=-i56f>h{0$6-6$l>E^yXjoxSdG^U$D)uq46{{&ElU z2>gyYbzzOuex5ZBH}nTz{B) zM~Mj8bSfs&e;4ZqO{ia2a&GUFOSilutZ1CGUC?X_CSgwUgeE~-F=EeYRD~C$96?+B zYpV{J%`yD==a*-+mKjHRjj!BXPHc*31a!_J5N+p+#_CG4?_a%8B5Sg0?g# zGT%qcFP;V=TKmRY- zyeqZ5>Ysl4G<@>v!abRY-){4^$=YRh1hKtF*)mS#QLDxsbCM^t2~aN zC|ggjtsC!ddDxJdx06pi;PViO3NKI-$`ngn?tr(XvdD)IoDV^$;)$z{K1 zxs2U^{PNW;WKF1-3CirekvAVfYDzsP=V2X|(;{kbIR^kJBQo>eMl%(3AYJ_`5UadF z+!?3b4sQnwN8|Tq_MTElFd8qTU+)f9Wn79_jA^T}Lhj6e`Q@frwYoeV>+isadK&r6 zVWtK82%^i<;x@STx*VkR2Nx8i>;%mQymfN4ILNS_zP-gv5e@eV=npMJau*@fA30Mc zT(U?WX}r=`<%@jL#L|Y8z5MyOttrepFljXBa0?3Nz{)=@346VI3--)lub+{`JRmrN zlnA>Gb$Ud+-!?Z&z{5Q%8QjT2!3Yz-8a-dKiSiOSVtA22_n$YmCMAL<3 z{~_9(xcx)4{~sldHEy{ICHnwSqowi88tYr=!KH_aN{yuL021*>_yce#5lj{?nj~ng zwql`hVNerGS6LNs0*`$|Mne<<0mWS;SpnfV`1mLc&YRm3J5Df_GHyaoiE%uZ0k%A>#L336B^8LsW^tqdj#r(7R9&QN}OCIN-ZNr!hI zbbEV9`Ip+wptg(`p1~8+$f`Z|&K8oGo>aj0F0X%U3)o)EMr7T__RzuJfl^N}7%NSu 
zu6HB9-Dc`rse&d9MxZLAWlc*N=OLzhoBC)XUpHhC z{IoL}>w@$4J_^4y{_WY$_WfRSHE=--DwDD{veW??{Gy&dsV7Lkp(HaPaq!x>+D|Z2f)F?i98{#E@4-aK;*gu2dGAo7p zXQ_W^^^Y+8hl=BvF0k?HL}R*e_zXi@hlbN0gR1Q4YDFiS%Q>CFXx$t8t@|>{4TD3q z#{gb;%`yZvqs3lJtKq@IwnwNgGw_|ZK~k4bmZ9C?p=#x##xUo zQ6Hlgc~lcRl_L%%F=Lk>`nY=Cg3j&RAL$zYT>WZ-U+_Aqz(SL<@PHw}l&t}FVJ8#w z+xpHa$6w8eJ%aPV_(-Im&jqJYSxAGGlp+OpHR>;O?{|{ znM739NP13n>s*3{|C)7j?N%-u&(5(D^&Gt-CX_PDoQ zd(vfkft>yYfHkijEmS6rwAQF>M8Yg-_gG@R736ZQPyf)uLOm=h3#aofXNIC5eiV-Z z?+o#-KBu|xN82T9P#EQObWv3QDO`tNasQOhWna&Vp{atxqf`x6G%qPdXQ=v=Px+C_ zMn$*TZpLm60K&ob<{nFL6>%~dG(s}k$m!RnAb^CZiQWx1!L!pV<3eI#w<5!;!>t0D zd1HezsVgRzOmb(Q_J44?^3B2CyyE2!h`z@oyt93(tc~yAePiJht7*ElIOIhr*1W{P zr9mRg0|6~R%@!PzkDTbuo1cINBd;y)>pj-z@TjOvG2;zEA9m}rUhJxb;y3PB;FDHA z))}Z=H9tZg=aq9rSL7-zs}hR4>JOn{1$P6WuL0BoX(6rr@wqjPND_{p8+4SojgUjT z+elZ8^xDbg$m%1$ClCwHG*D@|L{b874>#u}sC zflLX4iF7TQj0<+XyZQv0w$i2hlDcJ!9jk<~{iMr9}A(~@&G2M^1 z%qK!I-35ioP^^orir0xZxjdrY2fA-^F>|#Kt!11R6=^MN;CybZTd^6ke#_gm7i8r9 zSYp}BOJY#Iq09|vtkS%NzRmn09!_qET}@`3^CY2{iHV6 zEgiPR!ZCHVpj&l{xj7{}e6h!Ka(pWIFXB|QT9l7BRd{`3S$+!Ms~TK6yMVPn(7xt& znyWai!xjLj8j~H3Y`_~5`u&iUzqol=H*!9bARJ4U^y!j615F!V;gc?7P}qzZ0z{gs ziA?V58bt(Nm_IQI(8B14ryIzrajF4ILuU7&E~E;Xd#G$#hmD}tROg)QFb)Esr5|2( zPZk;W*k8LD4bbmKXNwM7hhv{sL)j2c#RaRPvMG^+Z&51n#UCy8+!wUe!6Mnd=4I`G zt(F=>b2mVK>I4*b90alp!-Qzp4g`kSZle2TGS0a0v9ioMuke)VIOwYhkv^y9D4QGY zC_P{mvTxj~Y{MAfOr5PdiE{6g{AoZ!a+|Gkco|#rU0W3tl?nlZ$_9Wfl$O!}Ux=qP zG$I98Y~&C$Xw)GIcD$EdUCC0jm{!1f0|LEO*vw-L)KWG{0%S-<=0=-0!>ni$U@=Zm zHN?$Z^kAb<@-d(C6(ng&#|=RqKhD@GKlHJ}q)P+I?1es+XANN1>liHGDlHeV@F|Pl zC$*8G>@{Q!L51mM98o)SrCmJ}HUsFb`-N;mC^9TAYCazz=9- zftnN-f&S&~_n90P54FEwtejE$0UAJP9kqQ5>n%B|CVY-U6O-59&-BaVxr&?T#GbQN ze-5Gxl~-yG+vtOzEC?=B>K(xS!Cz1bR)E5XmKqcuy`k3xisB%fbYF!dF^~b*E>%BF zT^I2s3-Iv|5s0U}`>y+lZ0I+5;bmT;4`g38UI@n04wJJI( zh&{Y2p&=fcW%K6z@}Yc=YsAeRWmWOf9NC@o@Z(HPQ@)j~iotV5sJ(n+arjmx8_?pz zDXyfN&5ajMD)T9eq{3xS0f)c&M%aqXTwuVQ^g`(x93F`F-qj6tN)INxg&L9RFO5G) z1Cwi)XC6{F4;v>gPe)fbHliCXstd7^Mkpt?)is@rm_D_cawFNjFB(-Bmzbg#{2$e1 
z9+d5~$dU!VvW}p}tnX?Z(&@*P;H#^3Eh6=!oeqpcn?ukw9g}hpEg_3XZ|Wr!dAG@_ z6uKl_Pj&y%c$}^;|3P(ynhC$d^*%Wj(MVlW7BE04y+w#dBI&cPBM*xeTa?ZYhIrN7 z4t=2rOlEJPe6@-k>bKoYl88%7lSqw;b67YTBAO+`+)g7;*H}&k?p1wtGtJ!2D;%R) zVyd)p3@Ch;YGnhI2V)j%?W_Q0dY2Ac_A#o)CnRHE6{jAsyl;3XCSkvWEC4enW7*(8 z4CTM>plTqFL5aM{2AzKBj>tU%QaeP?V8TX0=Bw4FX@Hrxt5*dZumhW0_zRb9W8c?z zu2EDLIu7PMpOJoOr+B=b2DQ#_EbiUwF9}8l3GgL%E-m)l*I&C`e@D()o<3ODFvu3X#NSDLW@%}pIJ*D^P}zc3MFc+EvdOiN2vV_NL^ zvY|dPeHGD%hyi7cwZAf}+p86Ixby>Vy;r#2MIKN%qC7SMbPGs;iq9cKl^Du{NE_M+ zQVC#+Teobk>3oWle3zn%?Lqo10Sp3WH^1BweC{Ob(y%kz5VK~o;Ph&@j#@~26e}V! zZ~3Wmdzt#-6mxa$%uc+C!)~Z4C)dJ=#6%_+&*uTvQcOG#1sE&<$9oqj(mvEH|k{o43*odtT%;f*m#EDdQn7Bkfy zucCXEiK_*cWQra?uImDzRH#57UgL|CF;8|Kt)@d`G8h=yAHo)8EeVJe6)-B6oLiYB z3WgtRR@Fg=7a%2jLPV>LyyME9)ZVRJaa#s6^;~ivcDw z*(u8cPQb~L&I2p3dnX0w3>TbN);*#Nz!_aX4nE~MPAL|06o6g^*o%hPd=YC|CNY-d zJNN6H<)*R7x<)>rA?hG#a4o7JmMO?P1ECo_vbH_wXe1d8K|MR5g9HR{Howgb{ye1j&plt*_N36r{ zM4Xj86mwT2&=~nRNx;=q$yqh%A{S{Bqb)3P28`QOxuPf<^tf71pFGtD6B5|ss zwjxAGuOSRF-f}?17+4tslyS9k>##*Ux9`U^xfn4kGWs10kh$7MwtOZE3gAL|X7{Y; z?yJ*yz-wg$;*>O4g{y2a>Qdh&LCRXps>9Y>QoSD%TEHyJz-AeBgsljbu%IoZF%et# z_ai$jEO!Lc#Mlt5H%HITY$=bF%sRqd{%A5Wz9{5zK!b=z^*2c%5)X?=MoQvP3CeTK zdb8^psvp=|15{d#T4OCMuIdf_sdE~ITv$@(Ey7kWp+*Hqu4FdNPb0)b{qi4y|3~2e zBJlqULN3T5EpKacB)36A<(95hT6$?ftf~pXtG>049SC+CAR-I4UOMA<=^^H9}ZK$fcJF@CmwpBAV@(fv~9fd5QHC-9S?0$Qcj4I z23X3g0aX=4Ln!&PPtBi&F)Jr3Th4}9=`Y=9wyb$NqD{^GD&o+9SC^oP1gpaC0@FpY ze$BDT<4YY|kzPYuXTOgBm6h^B$|=j~^Ga9jtg0YwkoX1g7&RZxJnE@cjGAp@IHViw zUEk+ATbvp06`slN?|bxRilF6Sf9yDqCL*)5+-oKDVVYY#8U`n$;cdziB>z)c_&|IO zv1nfr4kh1ZTNgEAi`kxP)P+N23t(E}8Y=LLQ|iF(a=5;iG-Vl`1F)!jOK{%K9s8lj zRtt(24#)JG$Y7+mi^zvRUNR4sHoeQI1-Q!jJ1CSpDtEzsajC0MO`eUP7u{+_5C4@~ zk@?ykN4i(`g}ee0)ErM0x7-s(CD4CwSItGyFeeSXY3ar2UjZaT58tq3v`?7w`x{|k%h?BzcPDospW z35eCCwT|67WN98Y=>Iza%zRxXM4PGk-fhkvt&8bx)Y+#S5bx9^62QH}pcGKRUAS&V zAYZ}cZLRDTW8t%>ZUHj&oL!28|3S5Oexa5E62O@Qa!nZ0BOPyuXzx3nd&)z83JLsW0~?2s<|)-&EI5@JLA~TGd1zjyN9E zAmSun4|5`hVC&ynwqe#m;RAmKaFy(+3+nNz1B|2m_o2&wMr@Pc_2jqbUG0VHI?w7= 
zN@NiVmSzL~lMKy04FGwqjm%&KKQWoHeZ?tYUQr^A>@jUt42?dDI=jg;@4h$)YF_6> z+lwpZ0S~LdArbU>&D=7~NYZ#1q*Y^eMm}i2H=nU-Qk(wQ^F<`tprZ&OUZeEk%skyB z--u7?p$Nj~%vl;4dTmS#%r@oRlUW{Gk@9OGqx|e|WZy%xPjDUmmy|4?j>3qCyDbHC zJ<38IZW8>Yhi`dyDxa0b&Ain3G`0YpdO|-d^}Gc zeQnH`tb<%eej!^_J`0H~gwR_M?bPLHy{1#@1_(axNY%tT7i`n>8~1k|^yQANUQbkm z9FvF>($o!@Gz0}Mn%K5{Qzkg`=SsIf0+!;?sm?A6Hcj(8AEJW~U?Bkpp%Iw8KRtml zY}pK8J%pWLu*)dW;G|$rERl``sjTKo1eK_y1Na+|((B8iFq>$AhJVvsT!?i?{AzK> z4+N5!Ke1@6gD;=3`Xpn~c0Kh=NS}RO4;jk11B^>hg>*j$V}D$s3)FddIRcq=y`(IY zq$*SV0$oXu)dZyI!)4puLc$0kwGHP}piBNanMXyIr5}8qKe1FY^gsqQ@%{UaR{|nk z9NMCDG0M6Mfy?pO<~zKk=UXo)vo%jbqWemY$k+BgfsN<0*22EUZF|-qtq00#SS%STRHCi-6@sFt$~^MCwk+ z*{6WoBSs34eX&a(yeeVY&<{fBnB9ExBdk5zDmb}-D|q&vthCYn0xT_QHd}2;i|dDV zo7=_@IJ)}2-|YtLLF;Ifeo_tI`+N+*j}Ip=TTefDVNh-69Y{%Ac8`rCIOCB#CzyGa zHMbA!RYNFrSR)W{&Xe>DGo4oHsOCHFk<#>^I&2>=W7ih2YqdXD1rxYX((=59&B80I zU|vw5-O?V)57H3|7_2qbt0!V8TB;@|ci<-^p+Mj~fpn9HD@4M8u8*yrSKb8$6y?6r znQ*X9kW@f9B;Th>vuc1K1*=Z|_&R^h08|Tp)Upzk|4P-nc+O2&*_erERERakNY!NI z4!q|SJb3Cm@$3{bWTV`LmY4hCI(M5N!?6yy#rRfA&8brot95nZrc1S zarLq5H`c&<(9B5cBxBuU^FOgX=!^9(0_OZ|7GvznN}QufaHKSG;PCJe)A0WdMUW*n*^R{R>`^bAif3A*PQ!ki{!gF)dEjrWd(C(=UWnoz)~&~Trb$z zQN)85fW#B7DhBZH)T(lrCe&0j{=oLlI=R6SGPI?FRgEqA0F47jA-{&eSa5qXuOo$1 zNyeK>u=#*SoM+@iZre=4BbMpfjvv;^ z{Q?DEHr}ACM{}V*74E}t#`L+O8|z5J`5Ju2sUXNXZSZ1?ef+2^V{eswTwUDCqUZq% zhjGK<$BC;YDS(4HiZa|Cs0_K34%=6)m2`?dG!FzW2Dl+IZ%GxJ_$4|44?{taAJ10i z4jj9on8P^iGOOr7(ejn72N3G(Z5I01Q41jr?TtmI&7}(}kf1qa1Aewr!KG zW7?+do9#)=ukd2J7!!WBp3?lFrwFt%08SaeBIl zY`qBP5f0z9EsKk;UI?QBki6`b88w2L>ThP~nlA_2W)ulGu}~4XiG6CJ1sgR(v&uf3 zz5P6+1G^9=JU7kuu6*4y=q~l{hSFKtIHp=4)FCZr^Ji>e?9^@oDgE9J;)IT+d;;FFno~1_w{kF(dgSoA*yRVO~F)>%=Q7BDN47ZmW3&DA-w_4?o zoRu<>+xo{QnANXc+kqT;Z(0~k<|T?t1N%}4%+(S>x36>|MYR_mY8Mnh(hS;&At50! 
zU-@CT#mUk`*{)yI2~&H4A7ii8nsflF)02qo`3F70cs%5LzHLL`pE=b|YmO~Fw7l|= zDWiZ=`!NsU-8H&5+vnl=W-}Ic|jao7*RoZ zg!FL!ibwj3Am_a5#Wj|8hhHFe-P38U62?<2C!V&L9UU*OsyR4%`X{)5%8dqKHcy(5 z%<1G;Nyfj$%=UxNlhaLwiru)d*c?2oI4g~Em3${Ei`1KuCLC(cICPToU8#F7$YG3HFBO0{d1yP2RxyhELvECokOP}Z-|VEsDv`bLniK zktv^2QtchM0Yzk5=f1!0FQj%Z?<*WC_WeX7-`c_c%M)>D-mDF-Cd8HbIy)+-U-yOb zcG1@7dfwp^t6LSpNi(`yj&+Ah8&W7kFhP0K@_tZUhiNV$bwYZ9lRDRI2GuA(11AN7 zS5FAka;ml}!`KNOi#Ud5g)l?@2<{q$#B0sM{E)sei1Po-4FQQiwNnm-^IC}CL}t)~ z*9eopYUn?8E_LeC)JtNk`aLcYy|Dp?npGXi{)NJV+Ad+mXLlRm#z|O^NL%d5(>rNfkzprJJ~ux70}&RbtD&BBBA;Z1@4c4 z4}!og(0pjP7iP5h!0-`O6Hi^FVh%-nC});sX-eb5wvFtE6Sy@rQZXhQgn0kCSz6pu z3RYsNs>vrL{RvN4!@!-8V+gibi}ms+UVbce7Q1^@;E^O`uZ%)6kz_iUP-jgw9fTTe z)7j-{08%}M%A6l_f$63Hj8H>&yWb&W9yw{{xUe&qh4q;~dHyBRGPhdi;t8#k8Pl7bTH9lDR-$!vB3{nykL|sb6s2FQZ*2keNKr zBP9T#;0rMWb1*o|ch(yOiOib$?ndfk9aoQ1krEG7l3!PFp6FA(xf4EDkU5(+&TW95 zxGfZRn5{Q1g=Vo_jYuCmuCl*9(ZsN3@5CWWr9JWix}tI5kJmuYuH~m*{((|&ob@wZ zEe)Bb=ek;eRa~)Ksq_xNU=SHc^H;lw42)xR#h;m-hlW~Kh!rp2cj3PnIjcAKw;>wK z%E3qxF9<@?Hhdm>#BC-am5u}X+r_es7x!K@y0oT-JqXg;!L1N7@Y9b0Htte98x~Kr~9AHL#h0mdBMS@mkxqq}zBZ zzOYWyr#7FD)A6pdI)*Y`=lN9sG|W~!Oi#|z- zI>OPb5V;A>FeF&dxqSa6TwRqTq5#Rd;_vZHr<4xRdYj73FC*8J^^lQd0*!fuLb(%^ z#{`#a_~ltIpcVDMdcW`j95tGss*ld_EcP}kYN`3PX!lkHy=5w|s_5Q_QKrppi&A@P z>%T|{6oRmWWb&w}tU+2;JPgLUyK@D1O;$;al-q=)8G%IMUCwwSuF~@!da`?urNkMl zgc?M_57%Atq(J}p7%Qea+aOpW8imFL;kv11x6c8(_0$o3%W&qUXJ}QN*XHYSt_^SF zbVj6mN)DFuqzN$kwyG`li2=l;5YlO~JX#9?vFdUS;#!%V{#QzMkg0iD4!~k2OiEIS zfFTjufc{XMuKb6f{}A;5S_vJ-TYkp^{68bDnzPlFi?rP%u+3W>ot%1gpVE7NXd5Sc zzoU55jDlk3cfNQj9(;R;Dc_}g5nON)ByX75=5ei8Ficb*p-%dc0#LdOFJ6e&*%Of2fQHK|zp@4vKgDG_i00K3S z9J;$3aTF2;u8D+H`uh!5_LdxI|Pn>IAeg=puA*af54sJchXKzuGNBwg$s0!Pf-m^Bh1zwqsRD3ig2tEO-x8 z&R#jCq;`^x;WBHjX)9p2{Q^VMzP$pROxu~KT)aZyu{3Qn7cMtK#2Y(RO1S z3jbhp`#!Hz!jhyoZGFsvrNz{J;CGDdF?%t2gl%JU0A@}APSa3OKGSRdvPN>=5|Oi9 zw#YmwNtwfS1Q-nnuuNtuT=xM?cJ`u=vFzuk;^7+rejbQ-2W==U@p#t!MfM_Vtz}V* z#jTQ&<`b}n!GyO1^s?9t-EP3Mui zk+3aTn|#^Ee&O$e?M3*5o%ujEBFy`Q%T&OW#wsnn6eCrZp=BQC=?OD!pfivJXM%Yf 
zuPQNTLmZzNovv{QRiGHew8zvTyBnU{-QACu?|mFh0!mZ}xnal8gNt1DBQ4&|s3<6B zecxWI^}3_byN%%0-2c7UlzNlI#6k~h zBGeNfu+(SCq}LFiApSLd$3x_qpZJU-W}Kn_{_cs!^@8+ z=EIOFBvKbpXGhQM`IGD=)I2I+!^}u8L@?;;fY}USB2eO9O*c5`fA~5?W(9@oS3ruM zHfK*@^pJKK7cVn6oF9Y<*zmc z`se-kfqk8Z(KURX_11h@r+hTXuP{(W5G{?;;Os zjQVdha!*hl5b~A>Gy-TzD{X{;7I_!F+C@@wa740T4wH%id#LjwzGNT=3;lMmd)FT| zE3y*q(n-IYz<;r_-__C+v4I3fp$$YJ>Nk#fjII9uI>>7&6{?F9x?m`G+kD&86$arh zt7MyOoNudX`0Wnw)Np##?+KWnHyQ4;{&sz2zBT0~3u`lDS#_T<0<69y%sIhKc9Oqdir9Ym`FTA%-|nOsXLHwcY#bD+~1O2QC> zAbnW5c5(egG!&PU>*u>?+63-Z=!UcjM>YbShC?NEUMrNg^Bddd`3A3u>QtLnTuSxlo46%Z*@I z8}v9nedq@uOd2Gfpg<_xgQ#YL56SxOV&D6F7o6wVi~Ba%isGUKU#0o!#6sSwAbj z0Qtg6&27pl8yCcngN~PHKLS+S$qb*0N_?@!fbk}evF3!8-V9>cE+fMi{R>3^i6nD*-gVM#E86D5??4x{%6N2xK0E{0%=A@=?6{MVOuv zCo$Em5t!9BSZ4V3Dx*4qxg61hma}r{bIBJN!(2{^SRl*tizR;cZ0+T1H7!K%bK|$e z1Yey(_^6fTBddJxjzG|v0N0Kp-^+zCbsMr2OwApC*oJF&vzhz-Jz(Lnb^vz#u?==x zo|yKOXri;T!d;jtjDb)a87ktu*m|6Ui0Xsahqc$|gZS-&>`Q|LTp!|=U6io^sNr|` zy-B=kcV%8i1e(cVYSQ+`vm*$&ZE0681A0fVlb7Ho|5#V3Z;y zY+o7A2|x+nG{COFw-n^1QrSXLRdrYo8Tb2C??P@P^!CCP@~`ID3G!J>nr!U!U_M;R z^A|UYW@X;wodEDXjO}{Dx<-bitt~hy;3R)_87urDz?5ZU@%Wl9>y0gcR5{drv6to3 zSLF58AD&Ik7^ZmmjsZj39Ka>WRehAm808=?Zp4>B@ZYX>R=n%i_Yc|U-M z^3&2%qWB1kgXaPbay4zsj0%u%fPA(^;MxH5o6^Y)^~8dx2%anILbU-*dl!uL?XT?; zhsLZ3n2-zmf>j{Gpult~C`-Kj%4@ZB?UHE%6;0j@myvKhJQ&#)5VppShknd?Fam!Y z-zCHjwgotxMW=E+W{uRJRYt;1(tg{I%3{-V?+YF#OS&#BIb4i_Z%2_IiT24m(< zLoc33HG+e zbe(-8I|UQu2>pQmi&My{+g^2O2;$BXrk863K9?L;zat|kWX?zxF_vABW9c5k3TPDCj$1^ zo~mgIEg;*xcRlfHXv}gzdOUNd>1)x~-v~R!X`usg_2VDNIMBlV>x~9Y^1)&=k3n1m zF;&|sYoUa#esf6JA|*_&$1S+WXBdeml`nBYBmh1s1A}6rn+LXmgocdj;}zr{=X{Q= z!EOXM3z<(wQ%tYf4JZzs*M|4FM5=_c^g~=MvVie^*K>BAt0OP_-X=QNkp0njkAip* zSYfZkwgVNndsT&zY~TMr{sX#0ig`>lY;t1VVc$rLpJ zcLOT~hdDj+W22D9bifA>I?xn?wcNV1{d1L%I0?zRMCEf`IdPSFuXBE{^E&6W|L|(_T-IlO)@MEI`d(%_^QfPX zi5mvXtPp(Yg^94nlaY0IV8)8?i_5Qm4s}q0W->TxCp<-;#0x<>hi;h1y~~h5G9lT4 z%AbN8elMc{;D76_=tf=5#IB`9l$0INsHs>~qo1`|2>6zr)h3$R-+z%-o`0!TQmbQja=27?)@PJzMLmy|iT 
zsSgV8)@jWz6P8N3vZa=^xBHCH{qqv}rN7%i`tjF{vdJeWd_^V@Lyx{elIP5`W^6^# zJ*OSiM%%~!dX1mU&eP#E0kM2v<8!kC{BhJS@Ys@vo-?R}sn#u2rZ<#xQOxv%L5Hhs^iv)|c zaQGK83)wLSQ`b_P!aZ#3Z^Up)h)7X({Ja{|PovndM+H+MB}Cx}=;7=H6IGQh)l%pL zD>?0V`<&Z}9_gdc^$%x|O~$uWfu)X8j>-eIW*E}u8cj0K*@{+@*o=Lx-4N;1bA?O3 zlleP_Z_4BjJRx3pg^ESV3rxNBxZDWLaeLczDY+#0m447wQ@yQzwhpZ+EXd7gc4vJ4 z$XOh`3Y7+k^vE>imr~sAHTKHQ?@mB#@THYL)a4JPnBIvUN~^z1)QG?2=l9oobNzP{ zG;b*cVTSBwbyVST~(?~)IS;{Ou0^WZSTNjuiecvJMu`eHYL z7vVO`;U8f$4qJadjz@1cVqSz%4`|dOi0K@vIlIOB$0P7Vt+lzBZ=f`7YZ$RaMjgZ<}}iDB{A@BqQlIdiE+i zcFfU0u{qn+vH@9A%Vh)%Sfe_@#?LTBZc~W!j{+@y{hR_Vr&XCZyKf^O9%>e5m-KD{ zbE#($c7jefQq&5X4{%X1k7hXpx~lRo?`knQz@J2ZUB=Yp-nnemyJe0k{zf{Olny)! z0Omo4{24`;i&o*-goHY87ifXXteT&E)66tbjuYsOFFo#+K)i&bj?*-eP_vA@Iw5dN*F>LW2bXq^bSgd(dk`vvw#SR9g1}O zhP$+9l~=Ye*=`7>$E}K2gI^mK%Jp`sdD?7}*=kCHm`o{u;O^aZ?l8Gb|0hou80NJCDG|GohjiA z*{8n|bteeOoM!w)corv~RHP=WxbO!O3^wZzGUCI^ z80&39G;V!yCs11zx)XF4=hw!{xxywBw^qBwJ*;w1-bjDzk6yT-emIMdxBphsleqhP^ud)a!+;nrN%Trq>ni|6Q<p>NG)EA{L`i9hR_N?l9CJ3$7Yn@hT>iE0Zpvi|t1Q}zrRLgrKc$_H2iX6D_ zGZnRjfccZPYmKw10sugyW_GA$P?EoJc&grQ@ahk`tu`*hMp{=%(m!>iD2r=uyHAN1 zIEnhpA`J_0p|ufY^xVKETy=wE(<1*bj}1DIR8m8SiZ7Cy^^jSaI14~sQ|5P{t`v4x zP9U)&?oA&`V2xftkK6rqJm}XODRt|E;)^jZ=oYLloQL^v9)2sc#<{`}C?KG6BKj$H z|4k6bnSV@e*|;Ns6#sc?RBaS0G+$3Hz|OF?Kv2c-(j50CJ`Hy{WPs`RYcf;>;9$@n zi+^-BlrW;BgONo^264Y|fEiJbo=Nv(kQ(LHnwr2^gJFZu&O^{*0jR*eO058LIw-i4CDwv_&9UF@CL4inLJEvZ@# z?F#h}I^0Hz`y#SX{|e1czkvF>3+fBHI%mK*3_zKig-Vg7ENgCHp^7^X|5|fVFX5gL!UBC+l=Dp`Sp4S9Bew!lDDo0P_Pfib^gx zXiES*2aYi=$5Ed=rNgD zav1rsrn?D%G$bXmP7snU!#!QPacPSQ#$%@GVU}YZ3iCO2DHJ(vYcbr$jo11pthikd zy;&wJCg{)>whsbY3TiNA8_G7P-j7^j@Jgo-GlluD^kzdU;5exlo%K2kf~TfVUwCLL zK!Hyimg@@E+~M)lPQ;bKV?s|JQh_{4286V8Rp&_rxHm^0MN=iu*eU-9(os=seC3?Z zUP12%R?vlp<6exFcQw`=Oo==*_`&^1w?jT#uVe0bZPVFTdJU#rc<%)5oKe5)c!9`c zue<@>1PD|p(-d=&;XLKXYeYQ$+6Q(=JaC95W0<$jxg|s7+LNoQW}o*X%Kv~llX#@p zLAUr^w+ijTi8zZ~0ucC8r98FBv?oJAHJq7Xe+;C-v~k@yQQVMd?X|u}KiSvrgZEOi z$tO;C^+R+S9s*M?%h72Xdp=t*?4DUJB2ONb+gWs(LshJdeRnZ_)%b;d2dORACr=~+ 
z8A*GmVYXtpy*ZT79*9M%^wYOvSz589Pd85#i2O7F$#tibodS@dpe7|#FN15aVYUjY zM1FcL{0^L$GSXjhd)T!H_C-v8vo}^9$k3RHkw2sW8z?B@vU;j)i)iK3Cz-;>k!igd z0+!pMNq(!^=qw<^)JaB_qyci8HgDk}03-!6Q!EYMHn8u`$$>C8)>s4F;mg=&#nc%2m(z}vSkKiwbE z;{I#c(xYpmKb|Cx1vvkbvjP|SkUwwzJ`uH{t69xOgOs_`@MU+?lDofslxAQS@dcC>gg9w%w+w1 z-nT7F*K(J+S>rO^t!>5v#DeAFY~YsX-^xu-q`k^qsnRHTj*Gk~+G*E617llkq*f^$ zz%LD+Yb|4aSRTpoEs|mDKx?W|AE}zz?$|SvIHBV zf*RM%gtC?oQ8JHYZ~+^=JFTKpD@LjdQa4)=J2#`hErIKykb?Y>RsHS4_QEQ6dqHKsP3Ju_33e`#Nl1XV95Qtgl1*OcHJ zX7KLMJF1t-y*a&aQ_q{&L!$5O|IYqD)yQ}0|C=WKFHt_o&0JC-SNJ**!#%Ziu5~@s zl-MVl=x@y9xmS}Km+_(E;Vwrx&5{7)THAe`Azf+!)|};qH4lhVD^my%CgB@_|I|$v z@i20+q^Oz*Kbv{x-)F|Q(Gn-z@`h#X>aaQFa2#VZJZifZP=S$th*|Eze(_= zCD?aG?tZvRQWNPZ1+~C3v6j~j=#+Yns~WGigSqDfheIUs+kTBalD^pRFJL!bKG3(_?A z%)*^_eq1G7#$Mi&tOlmCz@n%J%jPgNf81}S)2jUDJ%KREr)1d{H(~W|!hH6U&yTX5 zhj_=S@+butSNEoUZm!mlVh*xvr#MzJ#WB>g`{pv^$>szR;`rs&n^sF+ttz(JV>WWq zK0mw`eHv4mDy=_rTtMt9?IVtS^V-fAHx?KwkNS8ul2_^h<&DwZr&AoTR+ zv-L+=+M?dBqsSFcx>X3?sK0dXe}8A2Z&#jrtQG_fPJiR-C_LP}=;8}VuDq6vp!ws2<-+G4RRQlm+lIb1wcl&YL|m=J&PZ#L2d=9r8-}4BY?hI?utLCXI&|olZW~!jT~)XRlx7Y zX3SJh@ocm4aH!G8mEFz9!Ns=4`L&ykvAKT=U02k$)e``9;voZ_Nqpleshg7J|4m$n z{f~j;vI#dQ!evQ82+XLQi?b9JITK^N9DdQwE#SG6aiA;E!;LS?OD4*|7|WW1y|vE? zWA{Bl7YMcu7daAR2x23n6Xd)53w#B;ZSKpWf!A6_Ug7(qs4Ohc>ut-J` z+u07zIE=g;pJf*nD;eJUmqM^Az=7y$7M4c;Qz6`5fm?bvf1Gwt9~FStZNxD(O>45~e*;%$}E8aV!6MByHEM z61nQ#)DID(O3&@~n!{vdp~wks#9a40eTU0qX?nRW^* zB?dSsk>#P<7S&}p%?5G`^SV{I?JpVJxuBn5i222X9FO5|m03IhocvdaI$z{RIdgi? 
zg$u?0Fs!q?d!_r^^mT)>C&p8!v4lbSO(~dP1f3S)bQ;f|xdA{dJLyavxY$Rdz|+j{3i z$4wsBntoQFb)1~Us=b?+Uuy=te6fch-mLV)+(K2WU??F}Y?xO@#_6;)8CILx=&f!e zD%i;*PVE=(xEt?-D;M0}0PlTGg7Q!~%eE{_B@xLF5WT!qaz}cpA0rs!i?bE2t+PRr z^=G*EP+QY`cHr0iZpPSRa_PD~ntPUA9*9;bs=@f%N5S`PL|V?fCq{f+Jp8T!wrky$gV^Y;qKq~LB{ zHV2GPzh|xsja0`Dob{7^e8ZmrDE?r9dy;V*>4~++W$R@IQg%eQK3UV2^`@&sgNuYM zq-z}j-``4WEj*t(Ww-c(-COfT{oHuZ4Uup~jeEva<6d1IQg|d2&UoYbyM3;hEzB?>uC3}LIvN?kRFDUyVw88nPXVXjP#nlbD z@*>hnEA?&$464a+0397>?xzZ&TY;du$1oMc6XZSG!pDb%dpFx3OW4DBcmHDtE-v!( z`ncyd7%XZkvoy>n0h>%vFsZP&@c;lAb4(T}G4@uy_mEzKu{D2k@F53oASCdpYNT=0 z`kAp3c!UJtAQq$5B2ddGVvVChpih8CGsZ$#tBLEbWLw;v;%F>+JlH3a^^!ZQb~3!P zp_Vn-3EhXUd=%-LL$A5RVDL!QoVpu1nvlwWs_S(2K1%^ zUjw?$yPXBJgsByLb-7T%YwntO0FxhJ;|jv-gv%Tha}lYX@I9rcj%kg= zc%|SgwAH6^@FdfV-hysgcoC1~uj=Dp}v1C$R z7ucLSQhJ9&?*=(=E0^G^YjeMB@-L@AU|9>Wuz!jn|Fb8pnK;;W4Xhz3;HRA=N({2R zJXc+ZZkOsCd2)Kor2iD5B2)={8b+?f=c)dNOL-qwGfZ14Pgq#-a+%#0i1CJGt(jwX z$azl9^?Nj&#Qy$6v9aD!qxN+JGI)fj8R(!gdlY%+6Uz{CwBuLjv*$x#^=Zy%`Sh{A zk5|U(qGhJ;G8w_L>%wuM3$|Iqs+o&6Z=VoCm*%8UHfBOYN^cqAX9rhl0kT*dPQFBs zJ&}`&t?seH!?p#Kbu+*haV!Mb4V#5ts|>(H*(d}b4m>xnRU$d`ypbCn&nMS~e;gic zU~QWZ4%y#cu^V*)(_r)1ElW)xwor8@-XTwwg2PKg<3a*S(cDe*T3)gdn`5$5hTRcy z!AKYM0IC7@{r(X(e3=AUqXfetl`OYV{%}0ZwD%R$kKvHb+@82&+`3M1y$tEa&l+i$<3={AHL?UkUZ<73@)zB-W7FLts5WHDe`cBh~fvW z^vo0va|j&O7IXy$rFfWLZBYsu1rS6cEeVPzRdGD9u40C5?&UR{B&M{mHi^pb@;DDpBrw6`Uh1P_-@HzUMO8U*pf$ zIRa6TUGy7&a83?uh?2C;B`^FBVksJva^O{H<7CmVIXr_r`KmRMBU#&`S@f%K@onFd zBY6f<9Qnp!ij*1Zq^D!pZGW*6zKrNI@JPjI-qbEDDG+}8gjoddCJQNRX*CA$Jd{UV z>9G_F;%%I`CDGN%v)2xC9D z-6BYxcYgz+<}Xez{p56J(rN zWL8oY_rS4w{QNDCiLQHG(O?6zy92McI`bZe$04FM5wI#WwhVlmsK!D-wcoMgikKm{ zwXm{Jq5+ZU)Vi}(ON&2ah9WyI;{$Z7DbHjdq^VJeD1G`f>gh|cEcqU-IX6F3_9L%* zrtV_(AP-IqG$2HM=;FA(dgchO5+bxZT@Jp^U8fQQ`X&ys0ATudj>56!N8`$B8IVtjMk}} zW|IrJsEv_l1N9%$eb4~rNKWzv>ugm?_c4j8k;R_f3H};jx!MW$CSE!%75VTXe7YUUcH_gy^A~K^+o}ax z<;KM)d@!1UuU4i?b3E=}W0Mg}v2uNYGy09Yb-#b0gkv%#LgT1O@(*q&4x`+DC}8dh 
zttR^3-w@^K&L?u)>uPw}c+JZ%o#C*s_BGkQw3fox3apBg_0B(N%0U30^Vhw{Ns*f5!EKKw~#o=Zw%bJottoRcu&KF z`NW*8%S|bQZO^-poZWr8>OJ!KSB^tV9UtAtWUk@lgZusyuOU_O-p42F6Vv!DmD+%w zP%hY?|2Uy!d2cOP;{$Dp&-d=%DH$*Ur3GXMtvaZ!nmckT()-P_+ot$R)mWP{A5jQ8 zU7{OJVEHxiwc%rrWSNEAm+k{YR4)p^_L>tagh7{@@cg5CAjCsM)hJ5$fe!W64=kio z%HA8_mZ~ugd{%uF(PqhQEi(dB$6#~d&RuI9Alrk=bUau@sM1A6u!@YtcVp0b+We>M zk)WQ^8xc7!m@20ry&X9TTqaXzHBIG7pzuBdD7(>palOxQ zQZH6iMvHwS4JY+SH-dgQiGUWI8rB!>{-1ggqTZ;-sXhTG9@2HQS1=FaphuAgnZTR* zF)h2*cYD?3G@foBfYil4QP)69v8sz|xcBU3}6$y4$d;u zt<0wh@&s=-wN)Q@_Xk$+iRj-Ulp~blrLHCRq4=RZN2P$~ZJJS}$tTzH^kh!TSe(26 z$Xq89T&(4%ApZb=M>}y7Xt&SeBT;Ba*o?B^MR;qd6x>Kx!7wmK)&vGmPptsIG9S&U z()cJ4Vr(`4#bZdSL8~*Lp4h%H3#*Gm%I6lzu}Of@R`wfgD@5lRun+Ke6!+AwyJ@H& zQZ|6YM=z?`cKjYknTxC=wj|mgn%aoX=ks`iBKWSt-vN@6qZclWfu?X+4eX5nqI&@j zV1As#!#1q=W*fY|Z^QR(_#NHmyi{`$N>f4kV!V6y9ajjzf-*A0=duatiM({~ns<^F$?#Ukp-Q}e~) TAGGSH!GEsH+?~!l`g8sR@GX&Z literal 0 HcmV?d00001 diff --git a/doc/research/acm_2390317.2390326.bib b/doc/research/acm_2390317.2390326.bib new file mode 100644 index 0000000..315139e --- /dev/null +++ b/doc/research/acm_2390317.2390326.bib 
@@ -0,0 +1,17 @@
+@inproceedings{10.1145/2390317.2390326,
+author = {Howard, Adam and Hu, Yi},
+title = {An Approach for Detecting Malicious Keyloggers},
+year = {2012},
+isbn = {9781450315388},
+publisher = {Association for Computing Machinery},
+address = {New York, NY, USA},
+url = {https://doi.org/10.1145/2390317.2390326},
+doi = {10.1145/2390317.2390326},
+abstract = {Keyloggers are applications that are installed onto computers with the intent of monitoring and storing keystrokes that are input by a user. These keystrokes can either be stored on a physical hard disk or transmitted via a network connection to a remote location. Because of their functions, keyloggers have a potential of being used for malicious purposes. In order to protect privacy, it is important to realize the threat that a keylogger application might pose and identify appropriate methods for detecting it. The method presented in this research provides a standardized approach to detect unknown keylogging software from a computer. We also conducted experiments on a variety of keyloggers to verify the effectiveness of the proposed approach.},
+booktitle = {Proceedings of the 2012 Information Security Curriculum Development Conference},
+pages = {53–56},
+numpages = {4},
+keywords = {rootkit, privacy, system hook, keylogger, malicious software},
+location = {Kennesaw, Georgia},
+series = {InfoSecCD '12}
+}
\ No newline at end of file
diff --git a/doc/research/acm_financial_losses_due_to_malware.bib b/doc/research/acm_financial_losses_due_to_malware.bib
new file mode 100644
index 0000000..2f61fc4
--- /dev/null
+++ b/doc/research/acm_financial_losses_due_to_malware.bib
@@ -0,0 +1,17 @@ +@inproceedings{10.1145/2905055.2905362, +author = {Amin, Maitri}, +title = {A Survey of Financial Losses Due to Malware}, +year = {2016}, +isbn = {9781450339629}, +publisher = {Association for Computing Machinery}, +address = {New York, NY, USA}, +url = {https://doi.org/10.1145/2905055.2905362}, +doi = {10.1145/2905055.2905362}, +abstract = {General survey stat that the main damage malware can cause is to slow down their PCs and perhaps crash some websites which is quite wrong, The Russian antivirus software developer teamed up with B2B International for a study worldwide recently, shown 36\% of users lose money online as a result of a malware attack. Currently malware can't be detected by traditional way based anti-malware tools due to their polymorphic and/or metamorphic nature. Here we have improvised a current detection technique of malware based on mining Application Programming Interface (API) calls and developed the first public dataset to promote malware research.• In survey of cyber-attacks 6.2\% financial attacks are due to malware which increase to 1.3 \% in 2013 compared to 2012.• Financial data theft causes 27.6\% to reach 28,400,000. Victims abused by this targeting malware countered 3,800,000, which is 18.6\% greater than previous year.• Finance-committed malware, associated with Bitcoin has demonstrated the most dynamic development. Where's, Zeus is still top listed for playing important roles to steal banking credentials.Solutionary study stats that companies are spending a staggering amount of money in the aftermath of damaging attack: DDoS attacks recover $6,500 per hour from malware and more than $3,000 each time for up to 30 days to moderate and improve from malware attacks. 
[1]}, +booktitle = {Proceedings of the Second International Conference on Information and Communication Technology for Competitive Strategies}, +articleno = {145}, +numpages = {4}, +keywords = {Malware, API, financial losses, Survey}, +location = {Udaipur, India}, +series = {ICTCS '16} +} \ No newline at end of file diff --git a/doc/research/acm_risk_of_stolen_credentials.bib b/doc/research/acm_risk_of_stolen_credentials.bib new file mode 100644 index 0000000..4ccc3f0 --- /dev/null +++ b/doc/research/acm_risk_of_stolen_credentials.bib 
@@ -0,0 +1,17 @@ +@inproceedings{10.1145/3133956.3134067, +author = {Thomas, Kurt and Li, Frank and Zand, Ali and Barrett, Jacob and Ranieri, Juri and Invernizzi, Luca and Markov, Yarik and Comanescu, Oxana and Eranti, Vijay and Moscicki, Angelika and Margolis, Daniel and Paxson, Vern and Bursztein, Elie}, +title = {Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials}, +year = {2017}, +isbn = {9781450349468}, +publisher = {Association for Computing Machinery}, +address = {New York, NY, USA}, +url = {https://doi.org/10.1145/3133956.3134067}, +doi = {10.1145/3133956.3134067}, +abstract = {In this paper, we present the first longitudinal measurement study of the underground ecosystem fueling credential theft and assess the risk it poses to millions of users. Over the course of March, 2016--March, 2017, we identify 788,000 potential victims of off-the-shelf keyloggers; 12.4 million potential victims of phishing kits; and 1.9 billion usernames and passwords exposed via data breaches and traded on blackmarket forums. Using this dataset, we explore to what degree the stolen passwords---which originate from thousands of online services---enable an attacker to obtain a victim's valid email credentials---and thus complete control of their online identity due to transitive trust. Drawing upon Google as a case study, we find 7--25\% of exposed passwords match a victim's Google account. For these accounts, we show how hardening authentication mechanisms to include additional risk signals such as a user's historical geolocations and device profiles helps to mitigate the risk of hijacking. Beyond these risk metrics, we delve into the global reach of the miscreants involved in credential theft and the blackhat tools they rely on. 
We observe a remarkable lack of external pressure on bad actors, with phishing kit playbooks and keylogger capabilities remaining largely unchanged since the mid-2000s.}, +booktitle = {Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security}, +pages = {1421–1434}, +numpages = {14}, +keywords = {keylogger, phishing, risk analysis, data breach, password reuse, authentication, phishing kit, password}, +location = {Dallas, Texas, USA}, +series = {CCS '17} +} \ No newline at end of file diff --git a/doc/research/citation-strange-world-keyloggers.bib b/doc/research/citation-strange-world-keyloggers.bib new file mode 100644 index 0000000..9b328fb --- /dev/null +++ b/doc/research/citation-strange-world-keyloggers.bib @@ -0,0 +1,10 @@ +@article{article, +author = {Creutzburg, Reiner}, +year = {2017}, +month = {01}, +pages = {139-148}, +title = {The strange world of keyloggers - an overview, Part I}, +volume = {2017}, +journal = {Electronic Imaging}, +doi = {10.2352/ISSN.2470-1173.2017.6.MOBMU-313} +} \ No newline at end of file From 6d88d1e97daf1a195fbc0d84534eda65696da7d0 Mon Sep 17 00:00:00 2001 From: Sebastian Lenzlinger <74497638+sebaschi@users.noreply.github.com> Date: Tue, 13 Jun 2023 11:48:42 +0200 Subject: [PATCH 03/14] Update keylogger_detector.py Fix Tabs in help messages --- src/keylogger_detector.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/keylogger_detector.py b/src/keylogger_detector.py index 7220979..b82fa5f 100755 --- a/src/keylogger_detector.py +++ b/src/keylogger_detector.py 
@@ -37,10 +37,10 @@ def print_help(): print(' -v, --verbose\t\t\tVerbose mode. Informative information will be displayed duting execution') print(' -a, --auto-kill\t\tAutomatically kill blacklisted processes') print(' -s, --safe\t\t\tSafe mode. Asked to confirm before killing a process') - print(' -w, --add-white-list\t\t\tActivate prompt to add program names to the whitelist') #For some reason this line gets messed up in display - print(' -b, --add-black-list\t\t\tAutomatically add program names chosen to kill to the blacklist') + print(' -w, --add-white-list\t\tActivate prompt to add program names to the whitelist') #For some reason this line gets messed up in display + print(' -b, --add-black-list\t\tAutomatically add program names chosen to kill to the blacklist') print(' -d, --debug\t\t\tDebug mode. Print debug statements') - print(' -k, --kernel-detection\t\t\tRun the kernel keylogger detector, too. CURRENTLY NOT IMPLEMENTED TO DIRECTLY RUN KERNEL DETECTOR.') + print(' -k, --kernel-detection\t\tRun the kernel keylogger detector, too. CURRENTLY NOT IMPLEMENTED TO DIRECTLY RUN KERNEL DETECTOR.') def set_input_options(): """ From 50c0cef1d2dfa4b9e0938f62c12d0247a9835a5b Mon Sep 17 00:00:00 2001 From: Sebastian Lenzlinger <74497638+sebaschi@users.noreply.github.com> Date: Tue, 13 Jun 2023 12:44:33 +0200 Subject: [PATCH 04/14] Update dev_journal.md fix link --- doc/dev_journal.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/dev_journal.md b/doc/dev_journal.md index cf96a4c..17cd7ed 100644 --- a/doc/dev_journal.md +++ b/doc/dev_journal.md 
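Review bot: The `-k, --kernel-detection` line in `print_help()` still advertises the flag although the first patch of this series removed the `run_kernel_detector` import, so as far as these hunks show the option is accepted and then does nothing. For a detection tool that risks false assurance: a user who passes `-k` and gets a clean result may assume kernel modules were checked. I would drop the flag until it is wired up, or print a warning where the option is parsed, e.g. `print('[!] --kernel-detection is not implemented; run kernel_detector.py separately')`. The trailing comment `#For some reason this line gets messed up in display` on the `-w` line is stale now that the tabs are fixed and can be removed, and `duting` in the `-v` line should read `during`. `print_help()` begins above this hunk.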
@@ -166,7 +166,7 @@ This is after extensivly refactoring because I was starting to loose oversight o ## Wednesday, 7. June 2023, day ### Sebastian VirtualBox stopped working so after much pain I decided to switch to Boxes. There the install of Fedora 37 went smoothly. -Then Started testing the userland detector on [simple-key-logger](https://github.com/gsingh93/simple-key-logger/tree/maste), [logkeys](https://github.com/kernc/logkeys). +Then Started testing the userland detector on [simple-key-logger](https://github.com/gsingh93/simple-key-logger/tree/master), [logkeys](https://github.com/kernc/logkeys). [pykeylogger](https://github.com/amoffat/pykeylogger) produced a segmentation fault, after I finaly got it to run. Trying to run [py-keylogger](https://github.com/hiamandeep/py-keylogger), turns out it only runs on X11 it seem (so we'd not catch it anyway). [keylog](https://github.com/SCOTPAUL/keylog) was succesfully detected and removed. All in all, the main functionality works as intended. Basically now would be the refinement phase to add more options or to have a way to configure the config.json file more easily. From 496ee97d3fe47483caf88540614bfbb3f45bbb57 Mon Sep 17 00:00:00 2001 From: Sebastian Lenzlinger <74497638+sebaschi@users.noreply.github.com> Date: Tue, 13 Jun 2023 12:47:45 +0200 Subject: [PATCH 05/14] Update Readme --- README.md | 33 +++++++++++++++++++++++++++++++-- 1 file changed, 31 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3ec41ec..12e4376 100644 --- a/README.md +++ b/README.md 
@@ -1,2 +1,31 @@ -# keylogger-detector -University project for an Operating Systems lecture. The goal is to develope a keystroke-logger-detector for a Linux environment. Developement Environment: Fedora 37 VM under Gnome on VirtualBox. A project journal can be found [here](https://github.com/sebaschi/keylogger-detector/blob/main/doc/dev_journal.md) +# KLDetect +KLDetect is a keylogger detector for the Linux Desktop. +It can detect processes reading from ```/dev/input/event*``` devices and kernel modules registered to listen to keyboard events. + +# Dependencies +[Python](https://www.python.org/downloads/) +[SystemTap](https://sourceware.org/systemtap/wiki) + +# Setup +Download or clone this repository: +``` +git clone https://github.com/sebaschi/keylogger-detector.git +``` + +Run a keylogger. KLDetect has been tested and shown to work on the following keylogger. +User progams: +* [simple-key-logger](https://github.com/gsingh93/simple-key-logger/tree/master) +* [logkeys](https://github.com/kernc/logkeys) +* [keylog](https://github.com/SCOTPAUL/keylog) +Kernel Module: +* [spy](https://github.com/jarun/spy) + +# Developers +Copyright 2023 [Michel Romancuk](https://github.com/SoulKindred), [Sebastian Lenzlinger](https://github.com/sebaschi) + + + + + +This project is Part of a Univeristy project at the [Operating Systems](https://dmi.unibas.ch/de/studium/computer-science-informatik/lehrangebot-fs23/vorlesung-operating-systems-1/) lecture at the University of Basel, Switzerland. + A project journal can be found [here](https://github.com/sebaschi/keylogger-detector/blob/main/doc/dev_journal.md) From 05f86101ddecee20eb6f58629095a4eb4928fdc5 Mon Sep 17 00:00:00 2001 From: Sebastian Lenzlinger <74497638+sebaschi@users.noreply.github.com> Date: Tue, 13 Jun 2023 12:49:02 +0200 Subject: [PATCH 06/14] Update README.md --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 12e4376..ba9703d 100644 --- a/README.md 
+++ b/README.md @@ -13,11 +13,15 @@ git clone https://github.com/sebaschi/keylogger-detector.git ``` Run a keylogger. KLDetect has been tested and shown to work on the following keylogger. + User progams: + * [simple-key-logger](https://github.com/gsingh93/simple-key-logger/tree/master) * [logkeys](https://github.com/kernc/logkeys) * [keylog](https://github.com/SCOTPAUL/keylog) +* Kernel Module: + * [spy](https://github.com/jarun/spy) # Developers @@ -28,4 +32,4 @@ Copyright 2023 [Michel Romancuk](https://github.com/SoulKindred), [Sebastian Len This project is Part of a Univeristy project at the [Operating Systems](https://dmi.unibas.ch/de/studium/computer-science-informatik/lehrangebot-fs23/vorlesung-operating-systems-1/) lecture at the University of Basel, Switzerland. - A project journal can be found [here](https://github.com/sebaschi/keylogger-detector/blob/main/doc/dev_journal.md) + A project journal can be found [here](https://github.com/sebaschi/keylogger-detector/blob/main/doc/dev_journal.md). From c8fc7dc2b763cba389947b22c8b133be6b60593c Mon Sep 17 00:00:00 2001 From: Sebastian Lenzlinger <74497638+sebaschi@users.noreply.github.com> Date: Tue, 13 Jun 2023 12:49:20 +0200 Subject: [PATCH 07/14] Update README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index ba9703d..8a82b39 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,6 @@ User progams: * [simple-key-logger](https://github.com/gsingh93/simple-key-logger/tree/master) * [logkeys](https://github.com/kernc/logkeys) * [keylog](https://github.com/SCOTPAUL/keylog) -* Kernel Module: * [spy](https://github.com/jarun/spy) From 6fac965976db5797733bbc5fbf3da917af0b5177 Mon Sep 17 00:00:00 2001 From: Sebastian Lenzlinger <74497638+sebaschi@users.noreply.github.com> Date: Tue, 13 Jun 2023 12:49:40 +0200 Subject: [PATCH 08/14] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/README.md b/README.md index 8a82b39..8dfb2b0 100644 --- a/README.md +++ b/README.md @@ -15,12 +15,12 @@ git clone https://github.com/sebaschi/keylogger-detector.git Run a keylogger. KLDetect has been tested and shown to work on the following keylogger. User progams: - * [simple-key-logger](https://github.com/gsingh93/simple-key-logger/tree/master) * [logkeys](https://github.com/kernc/logkeys) * [keylog](https://github.com/SCOTPAUL/keylog) -Kernel Module: + +Kernel Module: * [spy](https://github.com/jarun/spy) # Developers From ec19a08e6334eb07fd1fce02fe6ca46c7e1972da Mon Sep 17 00:00:00 2001 From: Sebastian Lenzlinger <74497638+sebaschi@users.noreply.github.com> Date: Tue, 13 Jun 2023 12:56:15 +0200 Subject: [PATCH 09/14] Upate Readme --- README.md | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8dfb2b0..6d8e5b8 100644 --- a/README.md +++ b/README.md @@ -9,9 +9,12 @@ It can detect processes reading from ```/dev/input/event*``` devices and kernel # Setup Download or clone this repository: ``` -git clone https://github.com/sebaschi/keylogger-detector.git +$ git clone https://github.com/sebaschi/keylogger-detector.git +``` +Navigate into the src directory: +``` +$ cd keylogger-detector/src ``` - Run a keylogger. KLDetect has been tested and shown to work on the following keylogger. User progams: @@ -23,6 +26,25 @@ User progams: Kernel Module: * [spy](https://github.com/jarun/spy) +# Usage +The programm must be run as root (sudo). + +Running without options just runs userspace detection: +``` +\# ./kldetect.py +``` +To get a list of options: +``` +\# ./kldetect.py -h +``` +To run with kernel module detection: +``` +\# ./kldetect.py -k +``` +To run just kernel module detection +``` +\# ./kernel_detector.py +``` # Developers Copyright 2023 [Michel Romancuk](https://github.com/SoulKindred), [Sebastian Lenzlinger](https://github.com/sebaschi) 
From b59c659553fb428c7d72b2c9e1e7892c4ea6fa84 Mon Sep 17 00:00:00 2001 From: Sebastian Lenzlinger <74497638+sebaschi@users.noreply.github.com> Date: Tue, 13 Jun 2023 12:57:39 +0200 Subject: [PATCH 10/14] Update README.md --- README.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 6d8e5b8..8eb46ae 100644 --- a/README.md +++ b/README.md @@ -3,8 +3,8 @@ KLDetect is a keylogger detector for the Linux Desktop. It can detect processes reading from ```/dev/input/event*``` devices and kernel modules registered to listen to keyboard events. # Dependencies -[Python](https://www.python.org/downloads/) -[SystemTap](https://sourceware.org/systemtap/wiki) +* [Python](https://www.python.org/downloads/) +* [SystemTap](https://sourceware.org/systemtap/wiki) # Setup Download or clone this repository: @@ -31,19 +31,19 @@ The programm must be run as root (sudo). Running without options just runs userspace detection: ``` -\# ./kldetect.py +# ./kldetect.py ``` To get a list of options: ``` -\# ./kldetect.py -h +# ./kldetect.py -h ``` To run with kernel module detection: ``` -\# ./kldetect.py -k +# ./kldetect.py -k ``` To run just kernel module detection ``` -\# ./kernel_detector.py +# ./kernel_detector.py ``` # Developers Copyright 2023 [Michel Romancuk](https://github.com/SoulKindred), [Sebastian Lenzlinger](https://github.com/sebaschi) From 33eb3c6fb43795ea9fcba89e67ae6564031c67a9 Mon Sep 17 00:00:00 2001 From: Sebastian Lenzlinger <74497638+sebaschi@users.noreply.github.com> Date: Tue, 13 Jun 2023 13:05:00 +0200 Subject: [PATCH 11/14] Update README.md --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 8eb46ae..9781f9c 100644 --- a/README.md +++ b/README.md 
@@ -5,6 +5,8 @@ It can detect processes reading from ```/dev/input/event*``` devices and kernel # Dependencies * [Python](https://www.python.org/downloads/) * [SystemTap](https://sourceware.org/systemtap/wiki) +* [```fuser```](https://www.man7.org/linux/man-pages/man1/fuser.1.html) +* Utilities that come with [Fedora](https://fedoraproject.org/) like ```which```. # Setup Download or clone this repository: @@ -45,6 +47,12 @@ To run just kernel module detection ``` # ./kernel_detector.py ``` + +# Warning +Running any part if this program in a lightheaded manner may break your system. +Killing processes and unloading modules should be done with caution. We suggest testing it an a VM. +If one runs the KLDetect with the kernel module keylogger detection option set. Make sure to update the [whitelist.txt](https://github.com/sebaschi/keylogger-detector/blob/main/src/whitelist.txt) +with kernel modules that you know you have on your system. Altough KLDetect should not unload any kernel modules currently used, better safe than sorry. # Developers Copyright 2023 [Michel Romancuk](https://github.com/SoulKindred), [Sebastian Lenzlinger](https://github.com/sebaschi) From 79bad57439383c0630a8b860e596bb66e1b93b5c Mon Sep 17 00:00:00 2001 From: Sebastian Lenzlinger <74497638+sebaschi@users.noreply.github.com> Date: Tue, 13 Jun 2023 13:05:49 +0200 Subject: [PATCH 12/14] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9781f9c..bc2d54e 100644 --- a/README.md +++ b/README.md 
@@ -51,8 +51,8 @@ To run just kernel module detection # Warning Running any part if this program in a lightheaded manner may break your system. Killing processes and unloading modules should be done with caution. We suggest testing it an a VM. -If one runs the KLDetect with the kernel module keylogger detection option set. Make sure to update the [whitelist.txt](https://github.com/sebaschi/keylogger-detector/blob/main/src/whitelist.txt) -with kernel modules that you know you have on your system. Altough KLDetect should not unload any kernel modules currently used, better safe than sorry. +If one runs the KLDetect with the kernel module keylogger detection option set, make sure to update the [whitelist.txt](https://github.com/sebaschi/keylogger-detector/blob/main/src/whitelist.txt) +with the safe kernel modules that you know you have on your system. Altough KLDetect should not unload any kernel modules currently used, better safe than sorry. # Developers Copyright 2023 [Michel Romancuk](https://github.com/SoulKindred), [Sebastian Lenzlinger](https://github.com/sebaschi) From 326f5011e0395594f12151eb7a7b80c53a49097c Mon Sep 17 00:00:00 2001 From: Sebastian Lenzlinger <74497638+sebaschi@users.noreply.github.com> Date: Tue, 13 Jun 2023 13:07:14 +0200 Subject: [PATCH 13/14] Update README.md --- README.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index bc2d54e..276316c 100644 --- a/README.md +++ b/README.md @@ -11,11 +11,11 @@ It can detect processes reading from ```/dev/input/event*``` devices and kernel # Setup Download or clone this repository: ``` -$ git clone https://github.com/sebaschi/keylogger-detector.git +git clone https://github.com/sebaschi/keylogger-detector.git ``` Navigate into the src directory: ``` -$ cd keylogger-detector/src +cd keylogger-detector/src ``` Run a keylogger. KLDetect has been tested and shown to work on the following keylogger. 
@@ -29,23 +29,23 @@ Kernel Module: * [spy](https://github.com/jarun/spy) # Usage -The programm must be run as root (sudo). +KLDetect **must** be run as root (sudo). Running without options just runs userspace detection: ``` -# ./kldetect.py +./kldetect.py ``` To get a list of options: ``` -# ./kldetect.py -h +./kldetect.py -h ``` To run with kernel module detection: ``` -# ./kldetect.py -k +./kldetect.py -k ``` To run just kernel module detection ``` -# ./kernel_detector.py +./kernel_detector.py ``` # Warning From 7d4bc93243876cfb10f2b73770b2d702a4993d9e Mon Sep 17 00:00:00 2001 From: Sebastian Lenzlinger <74497638+sebaschi@users.noreply.github.com> Date: Tue, 13 Jun 2023 13:10:24 +0200 Subject: [PATCH 14/14] Update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 276316c..e4f3b8f 100644 --- a/README.md +++ b/README.md @@ -53,8 +53,9 @@ Running any part if this program in a lightheaded manner may break your system. Killing processes and unloading modules should be done with caution. We suggest testing it an a VM. If one runs the KLDetect with the kernel module keylogger detection option set, make sure to update the [whitelist.txt](https://github.com/sebaschi/keylogger-detector/blob/main/src/whitelist.txt) with the safe kernel modules that you know you have on your system. Altough KLDetect should not unload any kernel modules currently used, better safe than sorry. + # Developers -Copyright 2023 [Michel Romancuk](https://github.com/SoulKindred), [Sebastian Lenzlinger](https://github.com/sebaschi) +Copyright © 2023[Michel Romancuk](https://github.com/SoulKindred), [Sebastian Lenzlinger](https://github.com/sebaschi)