Update dev_journal.md

Tried first keylogger

doc/dev_journal.md

@@ -43,4 +43,20 @@ For either path this cannot be the final functionality. It is unclear what is an
 5. Bibliography
 6. Resources
 #### Misc
-What is the essential problem? We need to define what problem to solve more precisely and figure out what the essential complexities are. My current understanding is that detecting a keylogger embedded in the kernel is a fundamentally different task than detecting a keylogger that lives in user space (even with root priviledges). 
+What is the essential problem? We need to define what problem to solve more precisely and figure out what the essential complexities are. My current understanding is that detecting a keylogger embedded in the kernel is a fundamentally different task than detecting a keylogger that lives in user space (even with root priviledges). 
+
+## Wednesday, 10.05.2023
+### Sebastian 
+Tested [simple-key-logger](https://github.com/gsingh93/simple-key-logger/tree/master). The following steps get me from getting device file name of keyboard to PID kapturing keystrokes and associated binary executable:
+1. ls -la /dev/ipnut/by-path | grep kbd -> ../event2
+2. fuser /dev/input/event2 -> 1 880 1774 6327
+3. ls -l /proc/{1, 880, 1774, 63277}/exe -> gnome-shell, systemd, systemd-logind AND /home/kldetect/simple-key-logger/skeylogger
+So this keylogger can easily be found since only 3 other processes wherer reading from the kbd input file. Replicating on my host reveal that it would be similarly easy to snuff out their, as the only processes reading from my keyboard where gnome-shell, systemd and systemd-logind.
+
+Attempting to install [keylogger](https://github.com/arunpn123/keylogger). It fails saying: 
+'''
+make: PWD: No such file or directory
+make -C /lib/modules/6.0.7-301.fc37.x86_64/build M= modules
+make[1]: *** /lib/modules/6.0.7-301.fc37.x86_64/build: No such file or directory.  Stop.
+make: *** [Makefile:4: all] Error 2
+'''