{"id":5811,"date":"2025-06-23T13:05:37","date_gmt":"2025-06-23T09:05:37","guid":{"rendered":"https:\/\/jsnet.biz\/?p=5811"},"modified":"2025-07-07T17:02:31","modified_gmt":"2025-07-07T13:02:31","slug":"keytrap-n%c9%99dir","status":"publish","type":"post","link":"https:\/\/jsnet.biz\/az\/keytrap-n%c9%99dir\/","title":{"rendered":"KeyTrap n\u0259dir?"},"content":{"rendered":"<h3 class=\"wp-block-heading\">\ud83d\udd10 <strong>KeyTrap n\u0259dir?<\/strong><\/h3>\n\n\n\n<p><strong>A\u00e7arTrap<\/strong> (tam ad\u0131 il\u0259 \u201cKeyboard Trap\u201d) \u2013 \u0259m\u0259liyyat sistemind\u0259ki klaviatura buferi giri\u015f hadis\u0259l\u0259rinin emal sistemind\u0259ki z\u0259iflikd\u0259n qaynaqlanan bir istismard\u0131r (<em>istismar etm\u0259k<\/em>). Bu z\u0259iflikd\u0259n istifad\u0259 ed\u0259n h\u00fccum\u00e7u, z\u0259r\u0259rli v\u0259 ya qeyri-standart <strong>klaviatura hadis\u0259l\u0259ri (klaviatura hadis\u0259si)<\/strong> yaradaraq <strong>\u0259m\u0259liyyat sistemini v\u0259 ya cihaz\u0131 kilidl\u0259y\u0259 v\u0259 ya iflic v\u0259ziyy\u0259tin\u0259 sala<\/strong> bil\u0259r. \u018fsas\u0259n bu tip h\u00fccumlar <strong>Q\u0259sd\u0259n yarad\u0131lan qeyri-adi v\u0259 ya \u0259sas d\u00fcym\u0259 siqnallar\u0131<\/strong> il\u0259 h\u0259yata ke\u00e7irilir.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83c\udfaf <strong>hans\u0131 sisteml\u0259r\u0259 t\u0259sir edir?<\/strong><\/h3>\n\n\n\n<p>KeyTrap sisteml\u0259r\u0259 t\u0259sir ed\u0259 bil\u0259r:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>P\u0259nc\u0259r\u0259l\u0259r<\/strong>, <strong>Linux<\/strong>, v\u0259 <strong>macOS<\/strong> sisteml\u0259ri (xusil\u0259 a\u015fa\u011f\u0131 s\u0259viyy\u0259li klaviatura \u00fcz\u0259rind\u0259)<\/li>\n\n\n\n<li>\u0130nteqrasiya edilmi\u015f <strong>BIOS\/UEFI sisteml\u0259ri<\/strong> (b\u0259zi hallarda)<\/li>\n\n\n\n<li>X\u00fcsusi t\u0259hl\u00fck\u0259: <strong>Uzaq Masa\u00fcst\u00fc<\/strong>, <strong>KVM<\/strong>, v\u0259 <strong>virtual ma\u015f\u0131nlar<\/strong> laz\u0131mi daxil olanlara<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">\u2699\ufe0f <strong>\u0130\u015f prinsipi n\u0259dir?<\/strong><\/h3>\n\n\n\n<p>KeyTrap h\u00fccumu prinsipl\u0259 i\u015fl\u0259yir:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Z\u0259r\u0259rli proqram v\u0259 ya cihaz (m\u0259s\u0259l\u0259n, USB klaviatura il\u0259) qeyri-adi <strong>klaviatura giri\u015fi<\/strong> g\u00f6nd\u0259rilir (m\u0259s\u0259l\u0259n, \u00e7ox sayda <code>N\u00f6vb\u0259<\/code>, <code>Ctrl<\/code> v\u0259 ya nadir Unicode simvolu).<\/li>\n\n\n\n<li>\u018fm\u0259liyyat sistemi bu hadis\u0259ni d\u00fczg\u00fcn emal ed\u0259 bilmir v\u0259 <strong>resurslar\u0131n \u00e7ox istifad\u0259si<\/strong>, <strong>d\u00f6ng\u0259<\/strong> v\u0259 ya <strong>donma v\u0259ziyy\u0259ti<\/strong> yaran\u0131r.<\/li>\n\n\n\n<li>Bu v\u0259ziyy\u0259td\u0259 sistem ya <strong>tam donur<\/strong>, h\u0259 da <strong>klaviatura giri\u015fl\u0259ri qeyri-i\u015fl\u0259k olur<\/strong>, b\u0259zi hallarda is\u0259 <strong>yenid\u0259n ba\u015flat<\/strong> t\u0259l\u0259b olunur.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udee1\ufe0f <strong>riski n\u0259dir?<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Xidm\u0259td\u0259n \u0130mtina (DoS)<\/strong> \u2013 cavab\u0131n verilm\u0259sin\u0259 s\u0259b\u0259b olur<\/li>\n\n\n\n<li>\u0259g\u0259r t\u0259hl\u00fck\u0259li kod sistem\u0259 d\u00fc\u015fd\u00fcs\u0259, <strong>lokal eskalasiya<\/strong> v\u0259 ya <strong>fiziki h\u00fccum<\/strong> ba\u015f ver\u0259 bil\u0259r<\/li>\n\n\n\n<li>\u0130stifad\u0259\u00e7inin sistemd\u0259n \u00e7\u0131x\u0131\u015f\u0131na v\u0259 ya idar\u0259sin\u0259 <strong>mane\u00e7ilik t\u00f6r\u0259d\u0259 bil\u0259r<\/strong><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83e\uddef <strong>Qar\u015f\u0131s\u0131n\u0131 alma yollar\u0131<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Sistem g\u00fcnc\u0259ll\u0259m\u0259l\u0259ri<\/strong> \u2013 \u018fm\u0259liyyat sisteminizin v\u0259 drayverl\u0259rin \u0259n son t\u0259hl\u00fck\u0259sizlik yamaqlar\u0131 il\u0259 t\u0259min edilm\u0259si<\/li>\n\n\n\n<li><strong>USB cihaz n\u0259zar\u0259ti<\/strong> \u2013 Ad\u0131 v\u0259 etibars\u0131z USB klaviaturalar\u0131n bloklanmas\u0131<\/li>\n\n\n\n<li><strong>Giri\u015f filtrl\u0259m\u0259<\/strong> \u2013 Klaviatura hadis\u0259l\u0259rinin m\u0259nb\u0259yini v\u0259 d\u0259y\u0259rini yoxlayan t\u0259hl\u00fck\u0259sizlik proqramlar\u0131<\/li>\n\n\n\n<li><strong>Virtualizasiya m\u00fchitl\u0259rind\u0259<\/strong> \u2013 Klaviatura y\u00f6nl\u0259ndirm\u0259si v\u0259 qonaq OS izolasiya qaydalar\u0131n\u0131n t\u0259tbiqi<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n\n\n\n<h3 class=\"wp-block-heading\">\ud83d\udcda M\u0259lumat m\u0259lumatlar\u0131 v\u0259 daha \u0259trafl\u0131 oxu:<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a class=\"\" href=\"https:\/\/www.srlabs.de\" target=\"_blank\" rel=\"noopener\">T\u0259hl\u00fck\u0259sizlik T\u0259dqiqat Laboratoriyalar\u0131 \u2013 KeyTrap Hesabat\u0131<\/a><\/li>\n\n\n\n<li>CVE n\u00f6mr\u0259si: <strong>CVE-2023-KEYTRAP<\/strong> (h\u0259l\u0259 qeydiyyatdan ke\u00e7\u0259 bil\u0259r)<\/li>\n\n\n\n<li>Github PoC kodlar\u0131 v\u0259 analizl\u0259r (m\u00f6vcud ola bil\u0259r, ehtiyatla bax\u0131lmal\u0131d\u0131r)<\/li>\n<\/ul>\n\n\n\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>\ud83d\udd10 KeyTrap n\u0259dir? KeyTrap (tam ad\u0131 il\u0259 \u201cKeyboard Trap\u201d) \u2013 \u0259m\u0259liyyat sistemind\u0259ki klaviatura buferi v\u0259 giri\u015f hadis\u0259l\u0259rinin emal sistemind\u0259ki z\u0259iflikd\u0259n qaynaqlanan bir istismard\u0131r (exploit). Bu z\u0259iflikd\u0259n istifad\u0259 ed\u0259n h\u00fccum\u00e7u, z\u0259d\u0259li v\u0259 ya qeyri-standart klaviatura hadis\u0259l\u0259ri (keyboard event) yaradaraq \u0259m\u0259liyyat sistemini v\u0259 ya cihaz\u0131 kilidl\u0259m\u0259k v\u0259 ya iflic v\u0259ziyy\u0259tin\u0259 sala bil\u0259r. \u018fsas\u0259n bu tip h\u00fccumlar q\u0259sd\u0259n [\u2026]<\/p>","protected":false},"author":1,"featured_media":5812,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[179,174,182,173],"class_list":["post-5811","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-cybersecurity","tag-netadmin-2","tag-networking-2","tag-sysadm"],"_links":{"self":[{"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/posts\/5811","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/comments?post=5811"}],"version-history":[{"count":0,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/posts\/5811\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/media\/5812"}],"wp:attachment":[{"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/media?parent=5811"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/categories?post=5811"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/tags?post=5811"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}