So, I blogged about this topic a while back. This week I’ve been playing with keyloggers. I had my keyloggers set up on win2k3 and winxp machines and I was accessing them via RDP. I made the mistake of keeping my RDP session nailed up. A few days later, I note tons of entries being displayed within the keylogger GUI. Of course, since the clipboard auto-synchs between the client machine and the RDP server, the keylogger on the virtual machine had been logging the clipboard contents from my home machine. I had been doing tons of code edits, so every cut-and-paste was captured and displayed by the keylogger software. Pretty embarrassing!
Now, what would I find if I set up a machine on a stub network, installed a keyboard logger, and let the hackers come on in? For everyone attaching to my machine, I would be snagging their clipboard. That might be interesting data.
!Dmitry
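
The clipboard sharing described above is controlled on the client by the `redirectclipboard` line of the `.rdp` connection file, and it is on when that line is missing. As an added example (not part of the original post), this script checks a connection file for the setting and writes a copy with it turned off; the sample files and host names are constructed.

```python
import codecs

SETTING = "redirectclipboard"  # .rdp key; a missing line means 1 (sharing on)

def decode_rdp(raw: bytes) -> str:
    # mstsc normally saves UTF-16 with a BOM; hand-written files are often UTF-8.
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def parse_rdp(text: str) -> dict:
    # Each line is name:type:value; the value may itself contain colons.
    settings = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3:
            settings[parts[0].strip().lower()] = parts[2].strip()
    return settings

def clipboard_redirected(raw: bytes) -> bool:
    # True when the client would share its clipboard with the remote host.
    return parse_rdp(decode_rdp(raw)).get(SETTING, "1") != "0"

def harden(raw: bytes) -> bytes:
    # Drop any existing clipboard line, then pin the setting to 0.
    kept = [l for l in decode_rdp(raw).splitlines()
            if l.strip() and l.split(":", 1)[0].strip().lower() != SETTING]
    kept.append(f"{SETTING}:i:0")
    text = "\r\n".join(kept) + "\r\n"
    return codecs.BOM_UTF16_LE + text.encode("utf-16-le")

# Constructed sample files (not taken from the post).
SAMPLE_DEFAULT = codecs.BOM_UTF16_LE + (
    "full address:s:lab-host.example:3389\r\nscreen mode id:i:2\r\n"
).encode("utf-16-le")
SAMPLE_ON = b"full address:s:lab-host.example\nredirectclipboard:i:1\n"
SAMPLE_OFF = b"full address:s:lab-host.example\nredirectclipboard:i:0\n"

if __name__ == "__main__":
    for name, raw in [("default", SAMPLE_DEFAULT), ("on", SAMPLE_ON),
                      ("off", SAMPLE_OFF)]:
        print(name, "clipboard shared:", clipboard_redirected(raw),
              "-> after harden:", clipboard_redirected(harden(raw)))
```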