Speaker: Yaniv Balmas Key-Loggers are cool, really cool. It seems, however, that every conceivable aspect of key-logging has already been covered: from physical devices to hooking techniques. What possible innovation could be left in this field? Well, that’s what we used to think too. That is until we noticed that little grey box sitting there underneath a monitor, next to yesterday’s dirty coffee cup. The little grey box that is most commonly known as ‚KVM‘. The talk will tell the tale of our long journey to transform an innocent KVM into a raging key-logging monster. We will safely guide you through the embedded wastelands, past unknown IC’s, to explore uncharted serial protocols and unravel monstrous obfuscation techniques. Walking along the misty firmware woods of 8051 assembly we will challenge ambiguous functions, and confront undebuggable environments. Finally, we will present a live demo of our POC code and show you that air-gapped networks might not be as segregated as you imagined. You will witness that malware code could actually reside outside your computer, persisting through reboots, wipes, formats, and even hardware replacements. You might laugh, you might cry, but one thing is certain – you will never look at your KVM the same as before Our presentation will guide the audience trough an entire research project process: from the choice of a research subject, the learning stage, trough the many failures along the way, and until a complete success is finally achieved. Our research process provides useful insights for both entry-level and experienced researchers in the hardware hacking area. This research sheds light on a brand new field that has yet to be uncovered by the security community. We believe that CCC, as one of the world’s largest security convention, will provide the most suitable stage to share our research story and its implications. And finally, this talk is the product of a long research project