6 dépôts
Techniques for identifying if a process is executing within a virtual machine or sandbox.
Distinct from Virtual Machine Discovery Tools: Candidates describe the VMs themselves, not the act of detecting them for evasion.
Explore 6 awesome GitHub repositories matching security & cryptography · Virtualization Detection. Refine with filters or upvote what's useful.
Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a
Identifies virtual machine environments by checking hardware fingerprints to avoid detection.
This project is a post-exploitation framework and command and control platform designed for security research and penetration testing. It functions as a remote access tool consisting of a central command server and encrypted executable payloads that establish reverse shell connections. The system utilizes a web-based dashboard for multi-client administration, allowing for remote host monitoring and direct shell access through an in-browser terminal. It generates cross-platform, encrypted binaries that employ a multi-stage delivery chain and a key exchange mechanism to secure communications.
Implements checks to identify if the payload is executing within a virtual machine or sandbox to evade detection.
Chef is a configuration management platform and infrastructure as code framework used to automate the deployment and maintenance of infrastructure state across a fleet of servers. It operates as an idempotent automation engine, ensuring systems converge to a desired state by applying only the necessary changes to resolve differences. The system functions as a multi-platform server orchestrator capable of managing infrastructure across different operating systems, cloud providers, and hardware architectures. It includes a dedicated infrastructure testing framework to verify configuration code
Identifies whether a node is a physical machine, a virtual machine guest, or a hypervisor host.
LinEnum is a suite of security utilities for auditing Linux systems, scanning for privilege escalation paths, and enumerating local vulnerabilities. It functions as a system security audit tool, a local enumeration utility, and a scanner for identifying misconfigurations that could allow a user to gain root access. The project includes specialized auditing for containerized environments, specifically detecting Docker and LXC signatures to identify potential escape vectors to the host system. Its broader capabilities cover the analysis of kernel versions, the identification of SUID binaries a
Identifies the presence of Docker or LXC containers to determine the available attack surface.
Al-Khaser is a research project focused on the development of anti-analysis and evasion techniques to resist reverse engineering. It provides implementations for detecting and evading virtual machines, sandboxes, and debuggers to prevent software analysis. The project implements control flow obfuscation through anti-disassembly methods and utilizes dynamic API resolution to bypass static import tables. It further hinders forensic analysis by manipulating memory headers to prevent process dumps and utilizing remote code injection to execute logic in external processes. The capability surface
Searches for registry keys, MAC addresses, and firmware strings to identify virtual machine environments.
Pafish est un détecteur de sandbox anti-analyse et un testeur d'environnement de virtualisation. Il sert d'utilitaire de diagnostic pour identifier si un système s'exécute à l'intérieur d'une machine virtuelle ou d'une sandbox d'analyse de malware en exécutant des techniques anti-analyse courantes. L'outil valide l'efficacité de diverses méthodes d'évasion et prend en charge la recherche sur la détection de sandbox. Il teste si un système cible peut être reconnu comme un environnement virtualisé pour aider à améliorer la furtivité des environnements d'analyse de malware. La détection est obtenue via une variété de vérifications comportementales, incluant l'analyse d'artefacts matériels, le filtrage d'adresses MAC et l'empreinte digitale des clés de registre. La suite emploie également la détection basée sur les instructions, l'analyse d'exécution basée sur le temps et l'analyse d'environnement basée sur les processus pour identifier les indicateurs de virtualisation.
Implements various techniques to determine if a process is executing within a virtual machine or sandbox.