VM detection evasion is planned. There were references already in the TODO.adoc file at the root of the repository. I added your references to it. Thanks!
If you feel up to the task, go ahead and do it. I'll test your stuff and help you. However, implementing it on my own is not on my short-list of things I want to do with malboxes right now.
If you want some advice, I would start by running paranoid fish in a built Windows 7 VM and make changes to fix the issues outlined by that tool. Non-intrusive changes should go in the main profiles. Intrusive changes should be made in a different profile (i.e., win10_32_analyst_paranoid).
Also, uninstalling stuff like chocolatey and guest tools in a post-setup step would also be something I would consider doing.
Thank you both. I will take a look at the profiles branch (and look over the TODO file as well).
And, I do agree that detection/evasion is not a priority for me for malboxes, but perhaps someone else will be able to pick up here.
From a comment by @Svieg in #22, here's a collection of resources to discuss vm detection and anti-analysis features/concerns for malboxes. Perhaps a feature branch or break out a test profile for these ideas?
Refs:
VMCloak is GPL3 and Python2, so maybe there's some code there that can be called or used?
hth,
adricnet