6 Repos
Techniques for identifying if a process is executing within a virtual machine or sandbox.
Distinct from Virtual Machine Discovery Tools: Candidates describe the VMs themselves, not the act of detecting them for evasion.
Explore 6 awesome GitHub repositories matching security & cryptography · Virtualization Detection. Refine with filters or upvote what's useful.
Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a
Identifies virtual machine environments by checking hardware fingerprints to avoid detection.
This project is a post-exploitation framework and command and control platform designed for security research and penetration testing. It functions as a remote access tool consisting of a central command server and encrypted executable payloads that establish reverse shell connections. The system utilizes a web-based dashboard for multi-client administration, allowing for remote host monitoring and direct shell access through an in-browser terminal. It generates cross-platform, encrypted binaries that employ a multi-stage delivery chain and a key exchange mechanism to secure communications.
Implements checks to identify if the payload is executing within a virtual machine or sandbox to evade detection.
Chef is a configuration management platform and infrastructure as code framework used to automate the deployment and maintenance of infrastructure state across a fleet of servers. It operates as an idempotent automation engine, ensuring systems converge to a desired state by applying only the necessary changes to resolve differences. The system functions as a multi-platform server orchestrator capable of managing infrastructure across different operating systems, cloud providers, and hardware architectures. It includes a dedicated infrastructure testing framework to verify configuration code
Identifies whether a node is a physical machine, a virtual machine guest, or a hypervisor host.
LinEnum is a suite of security utilities for auditing Linux systems, scanning for privilege escalation paths, and enumerating local vulnerabilities. It functions as a system security audit tool, a local enumeration utility, and a scanner for identifying misconfigurations that could allow a user to gain root access. The project includes specialized auditing for containerized environments, specifically detecting Docker and LXC signatures to identify potential escape vectors to the host system. Its broader capabilities cover the analysis of kernel versions, the identification of SUID binaries a
Identifies the presence of Docker or LXC containers to determine the available attack surface.
Al-Khaser is a research project focused on the development of anti-analysis and evasion techniques to resist reverse engineering. It provides implementations for detecting and evading virtual machines, sandboxes, and debuggers to prevent software analysis. The project implements control flow obfuscation through anti-disassembly methods and utilizes dynamic API resolution to bypass static import tables. It further hinders forensic analysis by manipulating memory headers to prevent process dumps and utilizing remote code injection to execute logic in external processes. The capability surface
Searches for registry keys, MAC addresses, and firmware strings to identify virtual machine environments.
Pafish ist ein Anti-Analyse-Sandbox-Detektor und ein Test-Tool für Virtualisierungsumgebungen. Es dient als diagnostisches Dienstprogramm, um zu identifizieren, ob ein System innerhalb einer virtuellen Maschine oder einer Malware-Analyse-Sandbox ausgeführt wird, indem gängige Anti-Analyse-Techniken angewendet werden. Das Tool validiert die Wirksamkeit verschiedener Evasionsmethoden und unterstützt die Forschung zur Sandbox-Erkennung. Es testet, ob ein Zielsystem als virtualisierte Umgebung erkannt werden kann, um die Tarnung von Malware-Analyseumgebungen zu verbessern. Die Erkennung erfolgt durch eine Vielzahl von Verhaltensprüfungen, einschließlich Hardware-Artefaktanalyse, MAC-Adressfilterung und Registry-Key-Fingerprinting. Die Suite verwendet zudem instruktionsbasierte Erkennung, zeitbasierte Ausführungsanalyse und prozessbasiertes Umgebungs-Scanning, um Indikatoren für Virtualisierung zu identifizieren.
Implements various techniques to determine if a process is executing within a virtual machine or sandbox.