I work in a place where system admins can run any exe on any computer in the building without any logs. In my first years, I didn't think anything bad would come of this situation until one day I realized a keylogger had been injected into my computer (Windows Defender couldn't find it, but the third-party antivirus software helped me find it).
This happened two times. All my credit cards, passwords for emails and my cloud storage... They are all gone! I want to take this to court, but I don't know where to start.
So far so good: I coded an app, running in the background as a service, which keeps track of all the login information for my computer. However, this is not the case; I realized that system admins can run any exe on computers without logging in.
My concern is: what if they inject some other type of keylogger, but this time one that isn't recognizable by the third-party antivirus I use, like Windows Defender does?
My plan is to develop my app to take care of more stuff, like:
- It will keep track of every single connection established by an app, with the help of
- It will scan every running app and send them to VirusTotal with the help of the VirusTotal API
P.S. Sysmon is installed.
What else should I do?
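Since Sysmon is already installed, the two items on the list above do not need a custom service: Sysmon Event ID 1 records every process start with its hash, and Event ID 3 records every network connection with the image that made it. The PowerShell below is an added example (not code from the original post) that reads both from the Sysmon event log and checks each unique SHA256 against VirusTotal by hash lookup only, so no file is ever uploaded. It assumes an elevated prompt (the Sysmon channel is not readable by standard users), a Sysmon config with SHA256 in the Hashes field and Event ID 3 enabled, and an assumed environment variable VT_API_KEY holding a VirusTotal v3 API key.

```powershell
# Added example, not code from the original post. Assumes Sysmon logs to its
# default channel with SHA256 in the Hashes field and Event ID 3 enabled;
# VT_API_KEY is an assumed environment variable with a VirusTotal v3 key.

$SysmonLog = 'Microsoft-Windows-Sysmon/Operational'

# Turn one Sysmon event record into a hashtable of its EventData fields.
function ConvertFrom-SysmonEvent {
    param([Parameter(Mandatory)][System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml  = [xml]$Event.ToXml()
    $data = @{ TimeCreated = $Event.TimeCreated; Id = $Event.Id }
    foreach ($node in $xml.Event.EventData.Data) { $data[$node.Name] = $node.'#text' }
    $data
}

# Event ID 1: every process start, with its SHA256 pulled out of "Hashes".
function Get-SysmonProcessStarts {
    param([int]$Hours = 24)
    $filter = @{ LogName = $SysmonLog; Id = 1; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $d   = ConvertFrom-SysmonEvent $_
        $sha = ($d['Hashes'] -split ',' | Where-Object { $_ -like 'SHA256=*' }) -replace '^SHA256=', ''
        [pscustomobject]@{
            Time = $d.TimeCreated; Image = $d['Image']; CommandLine = $d['CommandLine']
            User = $d['User'];     ParentImage = $d['ParentImage']; Sha256 = $sha
        }
    }
}

# Event ID 3: every network connection, keyed by the image that made it.
function Get-SysmonConnections {
    param([int]$Hours = 24)
    $filter = @{ LogName = $SysmonLog; Id = 3; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $d = ConvertFrom-SysmonEvent $_
        [pscustomobject]@{
            Time = $d.TimeCreated; Image = $d['Image']; User = $d['User']
            Destination = '{0}:{1}/{2}' -f $d['DestinationIp'], $d['DestinationPort'], $d['Protocol']
        }
    }
}

# Ask VirusTotal about a hash only. Never upload the file itself: an uploaded
# binary (and anything embedded in it) becomes visible to other VT users.
function Get-VirusTotalVerdict {
    param([Parameter(Mandatory)][string]$Sha256,
          [string]$ApiKey = $env:VT_API_KEY)
    $uri = "https://www.virustotal.com/api/v3/files/$Sha256"
    try {
        $r = Invoke-RestMethod -Uri $uri -Method Get -Headers @{ 'x-apikey' = $ApiKey }
        $s = $r.data.attributes.last_analysis_stats
        [pscustomobject]@{ Sha256 = $Sha256; Known = $true; Malicious = [int]$s.malicious; Suspicious = [int]$s.suspicious }
    } catch {
        # 404 means VT has never seen this hash: treat as unknown, not as clean.
        if ($_.Exception.Response -and [int]$_.Exception.Response.StatusCode -eq 404) {
            [pscustomobject]@{ Sha256 = $Sha256; Known = $false; Malicious = 0; Suspicious = 0 }
        } else { throw }
    }
}

# Main: hash everything that ran in the last day, look each unique hash up
# (the public API tier is rate limited, hence the sleep), then print what was
# flagged or unknown together with the connections that image made.
$starts   = Get-SysmonProcessStarts -Hours 24
$conns    = Get-SysmonConnections   -Hours 24 | Group-Object Image -AsHashTable -AsString
$verdicts = @{}
foreach ($sha in ($starts | Where-Object Sha256 | Select-Object -ExpandProperty Sha256 -Unique)) {
    $verdicts[$sha] = Get-VirusTotalVerdict -Sha256 $sha
    Start-Sleep -Seconds 15
}
foreach ($p in ($starts | Sort-Object Sha256 -Unique)) {
    $v = $verdicts[$p.Sha256]
    if (-not $v -or ($v.Known -and $v.Malicious -eq 0 -and $v.Suspicious -eq 0)) { continue }
    $tag = if ($v.Known) { "VT malicious=$($v.Malicious) suspicious=$($v.Suspicious)" } else { 'unknown to VT' }
    '{0}  {1}  ({2})' -f $p.Time, $p.Image, $tag
    if ($conns -and $conns.ContainsKey($p.Image)) {
        $conns[$p.Image] | ForEach-Object { '    -> {0}  {1}' -f $_.Time, $_.Destination }
    }
}
```

Two design points worth noting. "Unknown to VT" is reported separately from "malicious" because a custom-built keylogger will usually have a hash nobody has submitted before, so a missing record is the interesting case, not a clean one. And because the admins in question can run anything with administrative rights, they can also stop Sysmon or clear its log on the machine, so the local log is only useful if it is forwarded somewhere they do not control (Windows Event Forwarding to a collector, or a SIEM agent) before it can be tampered with.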