About the Speaker
Using software keyloggers to steal sensitive information, such as passwords, from computers has been a well-known technique for over 20 years, and reports indicate it continues to be employed in cyber attacks today. While keylogging itself does not directly damage a computer, early detection is critical to preventing subsequent, more invasive cyber attacks.
In this presentation, I will begin by explaining four common types of user-mode keyloggers on Windows (Polling-based, Hooking-based, RawInputModel, and DirectInput) and then discuss detection methods for each. Specifically, I will explain how to detect keyloggers using Event Tracing for Windows (ETW), a logging feature built into Windows and utilized by modern Endpoint Detection and Response (EDR) platforms, including examples of actual detection rules.
In the latter part of the presentation, I will focus on a hotkey-based keylogging technique disclosed in 2024, examining its threats and discussing detection methods. I will specifically highlight the difficulties in detecting this keylogging technique through ETW and then propose a new method for detecting it without ETW using an undocumented hotkey table.
Overall, this presentation will share information about both old and new keylogging techniques, along with useful tips and insights for successfully implementing detection methods.
Asuka Nakajima is a cyber security researcher and engineer based in Tokyo, Japan. With over a decade of experience in computer security, her expertise includes software security, reverse engineering, and cyber security research and development. She has presented at numerous security conferences and events, such as Black Hat USA/Europe/Asia Briefings, BSides Singapore (keynote speaker), AsiaCCS, ROOTCON, AIS3, and PHDays, and serves on the Review Board for Black Hat USA and Asia, and CODE BLUE.
In addition, Asuka is the founder of CTF for GIRLS, the first infosec community for women in Japan, and also the author of the bestselling book "*Cyber Attack*" (Bluebacks, 2018). Currently, she works as a Senior Security Research Engineer at Elastic, focusing on endpoint security R&D.