6 repositorios
Techniques for identifying if a process is executing within a virtual machine or sandbox.
Distinct from Virtual Machine Discovery Tools: Candidates describe the VMs themselves, not the act of detecting them for evasion.
Explore 6 awesome GitHub repositories matching security & cryptography · Virtualization Detection. Refine with filters or upvote what's useful.
Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a
Identifies virtual machine environments by checking hardware fingerprints to avoid detection.
This project is a post-exploitation framework and command and control platform designed for security research and penetration testing. It functions as a remote access tool consisting of a central command server and encrypted executable payloads that establish reverse shell connections. The system utilizes a web-based dashboard for multi-client administration, allowing for remote host monitoring and direct shell access through an in-browser terminal. It generates cross-platform, encrypted binaries that employ a multi-stage delivery chain and a key exchange mechanism to secure communications.
Implements checks to identify if the payload is executing within a virtual machine or sandbox to evade detection.
Chef is a configuration management platform and infrastructure as code framework used to automate the deployment and maintenance of infrastructure state across a fleet of servers. It operates as an idempotent automation engine, ensuring systems converge to a desired state by applying only the necessary changes to resolve differences. The system functions as a multi-platform server orchestrator capable of managing infrastructure across different operating systems, cloud providers, and hardware architectures. It includes a dedicated infrastructure testing framework to verify configuration code
Identifies whether a node is a physical machine, a virtual machine guest, or a hypervisor host.
LinEnum is a suite of security utilities for auditing Linux systems, scanning for privilege escalation paths, and enumerating local vulnerabilities. It functions as a system security audit tool, a local enumeration utility, and a scanner for identifying misconfigurations that could allow a user to gain root access. The project includes specialized auditing for containerized environments, specifically detecting Docker and LXC signatures to identify potential escape vectors to the host system. Its broader capabilities cover the analysis of kernel versions, the identification of SUID binaries a
Identifies the presence of Docker or LXC containers to determine the available attack surface.
Al-Khaser is a research project focused on the development of anti-analysis and evasion techniques to resist reverse engineering. It provides implementations for detecting and evading virtual machines, sandboxes, and debuggers to prevent software analysis. The project implements control flow obfuscation through anti-disassembly methods and utilizes dynamic API resolution to bypass static import tables. It further hinders forensic analysis by manipulating memory headers to prevent process dumps and utilizing remote code injection to execute logic in external processes. The capability surface
Searches for registry keys, MAC addresses, and firmware strings to identify virtual machine environments.
Pafish es un detector de sandbox anti-análisis y probador de entornos de virtualización. Sirve como una utilidad de diagnóstico para identificar si un sistema se está ejecutando dentro de una máquina virtual o un sandbox de análisis de malware mediante la ejecución de técnicas anti-análisis comunes. La herramienta valida la efectividad de varios métodos de evasión y apoya la investigación en la detección de sandboxes. Prueba si un sistema de destino puede ser reconocido como un entorno virtualizado para ayudar a mejorar el sigilo de los entornos de análisis de malware. La detección se logra a través de una variedad de comprobaciones de comportamiento, incluyendo el análisis de artefactos de hardware, filtrado de direcciones MAC y huellas dactilares de claves de registro. La suite también emplea detección basada en instrucciones, análisis de ejecución basado en tiempo y escaneo de entornos basado en procesos para identificar indicadores de virtualización.
Implements various techniques to determine if a process is executing within a virtual machine or sandbox.