Sandworm: Keylogging Emulation

Discover how Advanced Persistent Threat (APT) actors, such as Sandworm, use keylogging for input capture in victim environments to acquire credentials for new access opportunities.

by Matthew Lloyd Davies

What you'll learn

During the 2015 Ukraine Electric Power Attack, Sandworm used keylogging to gather account credentials via a BlackEnergy keylogger plugin. Adversaries log keystrokes to intercept credentials as the user types them, gaining new access opportunities when other credential dumping techniques fail. In this course, Sandworm: Keylogging Emulation, you’ll discover the many different ways an attacker can capture keystrokes, including hooking API callbacks, reading raw keystroke data from the hardware buffer, and using custom scripts.

About the author

Matthew Lloyd Davies

Matt has a degree in chemical engineering and a PhD in mathematical chemistry. He is also a GIAC-certified incident handler and penetration tester and has regulated cyber security in the UK civil nuclear sector for many years.