Detection evasion and deception features #23

Open
adricnet opened this issue Jan 5, 2017 · 3 comments
Labels: good first issue, hacktoberfest, help wanted

Comments

@adricnet
adricnet commented Jan 5, 2017

From a comment by @Svieg in #22, here's a collection of resources to discuss VM detection and anti-analysis features/concerns for malboxes. Perhaps a feature branch or break out a test profile for these ideas?

Refs:

VMCloak is GPL3 and Python2, so maybe there's some code there that can be called or used?

hth,
adricnet

@obilodeau
Contributor

VM detection evasion is planned. There were references already in the TODO.adoc file at the root of the repository. I added your references to it. Thanks!

If you feel up to the task, go ahead and do it. I'll test your stuff and help you. However, implementing it on my own is not on my short-list of things I want to do with malboxes right now.

If you want some advice, I would start by running paranoid fish in a built Windows 7 VM and make changes to fix the issues outlined by that tool. Non-intrusive changes should go in the main profiles. Intrusive changes should be made in a different profile (i.e., win10_32_analyst_paranoid).

Also, uninstalling stuff like chocolatey and guest tools in a post-setup step would also be something I would consider doing.

@Svieg
Collaborator

Svieg commented Jan 7, 2017

The profiles branch is entirely for that purpose already though.

@adricnet
Author

adricnet commented Jan 9, 2017 via email

@obilodeau added the help wanted label Jul 13, 2017

3 participants