🛡️ Malware Simulation Lab with Python (Ransomware & Keylogger)

---

📌 About This Project

This repository contains an educational simulation of common malware behaviors, developed as part of the Santander Cybersecurity Bootcamp (DIO).

The project demonstrates, in a controlled and ethical environment, how:

• Ransomware encrypts and decrypts files
• Keyloggers capture user input
• Data can be exfiltrated in a simulated way
• Defensive strategies can mitigate these threats

⚠️ Ethical Notice All scripts in this repository were created strictly for educational purposes, executed only on local test files and isolated environments. Never run this code on real systems, networks, or without explicit authorization.

---

🎯 Learning Objectives

By completing this project, it was possible to:

• Understand the internal logic of ransomware and keyloggers
• Practice Python scripting for security analysis
• Learn how attackers abuse cryptography and input capture
• Identify defensive mechanisms against malware
• Document cybersecurity experiments professionally
• Reinforce ethical responsibility in offensive security studies

---

🧪 Simulated Ransomware

🔐 Description

The ransomware simulation demonstrates:

• Generation of a symmetric encryption key
• Encryption of files inside a test directory
• Creation of a simulated ransom message
• Restoration of files using the same key

⚙️ Technologies

• Python 3
• cryptography (Fernet – symmetric encryption)
• File system traversal with os.walk()

🔁 Workflow

1. Generate encryption key
2. Encrypt files inside /test_files
3. Display ransom message
4. Decrypt files using stored key

📌 Important: Only test files are affected. System files are never targeted.

---

⌨️ Simulated Keylogger

🧠 Description

The keylogger simulation demonstrates how keystrokes can be captured by malicious software.

Two variants are implemented:

• Local logging: saves keystrokes into a text file
• Email simulation: sends captured data periodically via SMTP (test credentials only)

⚙️ Technologies

• Python 3
• pynput (keyboard listener)
• smtplib (email simulation)
• threading.Timer

📌 Notes

• Modifier keys are ignored
• Special keys are normalized (Enter, Space, Tab)

---

🛡️ Defense and Mitigation

Based on the simulations, the following defenses are recommended:

• Updated antivirus and EDR solutions
• Firewall monitoring outbound connections
• Application sandboxing
• Regular offline backups
• Least privilege user accounts
• Multi-Factor Authentication (MFA)
• User awareness and phishing training

Detailed mitigation notes are available in notes/mitigations.md.

---

📂 Repository Structure

dio-python-malware-simulation-lab/
│
├── README.md
├── ransomware/
│   ├── encrypt.py
│   ├── decrypt.py
│   └── test_files/
│       └── sample.txt
├── keylogger/
│   ├── keylogger_local.py
│   └── keylogger_email.py
└── notes/
    └── mitigations.md

---

📚 References

• Python Documentation — https://docs.python.org/3/
• Cryptography (Fernet) — https://cryptography.io/
• pynput — https://pypi.org/project/pynput/
• smtplib — https://docs.python.org/3/library/smtplib.html

---

✍️ Author: Stephen Roque 🎓 Educational project developed for Digital Innovation One (DIO)