Keylogger

Main goal: Locate the specific packets containing recorded keylogger activity and decrypt the exfiltrated data to determine the severity of the breach.

Sub-goal: Improve upon the keylogger.py malware.

After creating this keylogger, whose code was easily accessible from a quick Google search, and setting it up and deploying it to run on my own system, I wanted to see what this traffic would look like if the victim machine's traffic were being captured with Wireshark while the keylogger was sending keystroke data to an email address. Since the keylogger.py code already connected to the SMTP server using TLS, I expected the recorded keystrokes to be encrypted on the wire.

Because I didn't want to install Wireshark on my host machine to capture the .pcap file, I tried to have Wireshark on my Kali Linux VM capture those packets instead. Before I made some configuration changes, the Kali Linux VM was configured for NAT, which I think made it harder for Wireshark to capture packet data from my host machine despite being in promiscuous mode, because the two were on different subnets: I would only see packet data going to and from the virtual machine and nothing else. Once I changed the network configuration from NAT to bridged adapter and enabled promiscuous mode, the number of captured packets shot up and, sure enough, I saw my host machine's packets being captured as well.
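One thing a capture like this shows even when the SMTP session is wrapped in TLS: the keystroke contents are hidden, but the connection metadata (which endpoint talks to which mail server, on which port, how often, and how many bytes go out) is still in the clear. That metadata is what a defender can hunt on. The script below is an added example, not code from the original write-up; it scans a constructed set of flow records (a simple comma-separated format invented for this example, not a real tool's log format) and flags hosts that connect to SMTP submission ports on a regular schedule, the way an automated uploader would. The approved-relay address is hypothetical.

```python
"""Flag endpoints that periodically push data to SMTP submission ports.

Added example, not part of the original write-up. The flow format and the
approved relay address are constructed for the demonstration.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev

SMTP_PORTS = {25, 465, 587}
# Hypothetical corporate mail relay; connections to it are expected.
APPROVED_RELAYS = {"10.0.0.25"}


@dataclass(frozen=True)
class Flow:
    ts: float       # seconds since epoch
    src: str        # client address
    dst: str        # server address
    dport: int      # server port
    bytes_out: int  # bytes sent client -> server


def parse_flows(text):
    """Parse 'ts,src,dst,dport,bytes_out' lines (constructed CSV format)."""
    flows = []
    for line in text.strip().splitlines():
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, b = line.split(",")
        flows.append(Flow(float(ts), src, dst, int(dport), int(b)))
    return flows


def find_periodic_smtp_senders(flows, min_events=3, max_jitter_ratio=0.2):
    """Return {src: details} for hosts with evenly spaced SMTP connections
    to servers that are not approved relays.

    Regularity is measured as the standard deviation of the gaps between
    connections divided by the mean gap; a scheduled uploader scores near 0.
    """
    by_src = defaultdict(list)
    for f in flows:
        if f.dport in SMTP_PORTS and f.dst not in APPROVED_RELAYS:
            by_src[f.src].append(f)

    findings = {}
    for src, fs in by_src.items():
        fs.sort(key=lambda f: f.ts)
        if len(fs) < min_events:
            continue
        gaps = [later.ts - earlier.ts for earlier, later in zip(fs, fs[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg > 0 else float("inf")
        if jitter <= max_jitter_ratio:
            findings[src] = {
                "dst": sorted({f.dst for f in fs}),
                "ports": sorted({f.dport for f in fs}),
                "events": len(fs),
                "interval_s": round(avg, 1),
                "bytes_out": sum(f.bytes_out for f in fs),
            }
    return findings


# Constructed sample flows, not real traffic. 192.168.1.50 mails an external
# server every 60 s (suspicious); .51 uses the approved relay; .52 mails the
# same external server but irregularly, as a person might.
SAMPLE_FLOWS = """
# ts,src,dst,dport,bytes_out
1700000000,192.168.1.50,203.0.113.10,587,2310
1700000060,192.168.1.50,203.0.113.10,587,2450
1700000120,192.168.1.50,203.0.113.10,587,2207
1700000180,192.168.1.50,203.0.113.10,587,2390
1700000005,192.168.1.51,10.0.0.25,587,18000
1700003000,192.168.1.51,10.0.0.25,587,2200
1700000010,192.168.1.52,203.0.113.10,587,5000
1700004000,192.168.1.52,203.0.113.10,587,700
1700005000,192.168.1.52,203.0.113.10,587,9000
1700000030,192.168.1.52,198.51.100.7,443,900
"""

if __name__ == "__main__":
    for host, info in find_periodic_smtp_senders(parse_flows(SAMPLE_FLOWS)).items():
        print(host, info)
```

On the sample data only 192.168.1.50 is reported: four submissions exactly 60 seconds apart to a non-approved server. The jitter threshold and the minimum event count are the knobs to tune against real flow data; the same logic applies to Wireshark "Conversations" output or any flow log once it is mapped into the Flow fields.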