6 repository-uri
Techniques for identifying if a process is executing within a virtual machine or sandbox.
Distinct from Virtual Machine Discovery Tools: Candidates describe the VMs themselves, not the act of detecting them for evasion.
Explore 6 awesome GitHub repositories matching security & cryptography · Virtualization Detection. Refine with filters or upvote what's useful.
Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a
Identifies virtual machine environments by checking hardware fingerprints to avoid detection.
This project is a post-exploitation framework and command and control platform designed for security research and penetration testing. It functions as a remote access tool consisting of a central command server and encrypted executable payloads that establish reverse shell connections. The system utilizes a web-based dashboard for multi-client administration, allowing for remote host monitoring and direct shell access through an in-browser terminal. It generates cross-platform, encrypted binaries that employ a multi-stage delivery chain and a key exchange mechanism to secure communications.
Implements checks to identify if the payload is executing within a virtual machine or sandbox to evade detection.
Chef is a configuration management platform and infrastructure as code framework used to automate the deployment and maintenance of infrastructure state across a fleet of servers. It operates as an idempotent automation engine, ensuring systems converge to a desired state by applying only the necessary changes to resolve differences. The system functions as a multi-platform server orchestrator capable of managing infrastructure across different operating systems, cloud providers, and hardware architectures. It includes a dedicated infrastructure testing framework to verify configuration code
Identifies whether a node is a physical machine, a virtual machine guest, or a hypervisor host.
LinEnum is a suite of security utilities for auditing Linux systems, scanning for privilege escalation paths, and enumerating local vulnerabilities. It functions as a system security audit tool, a local enumeration utility, and a scanner for identifying misconfigurations that could allow a user to gain root access. The project includes specialized auditing for containerized environments, specifically detecting Docker and LXC signatures to identify potential escape vectors to the host system. Its broader capabilities cover the analysis of kernel versions, the identification of SUID binaries a
Identifies the presence of Docker or LXC containers to determine the available attack surface.
Al-Khaser is a research project focused on the development of anti-analysis and evasion techniques to resist reverse engineering. It provides implementations for detecting and evading virtual machines, sandboxes, and debuggers to prevent software analysis. The project implements control flow obfuscation through anti-disassembly methods and utilizes dynamic API resolution to bypass static import tables. It further hinders forensic analysis by manipulating memory headers to prevent process dumps and utilizing remote code injection to execute logic in external processes. The capability surface
Searches for registry keys, MAC addresses, and firmware strings to identify virtual machine environments.
Pafish este un detector de sandbox anti-analiză și un instrument de testare a mediilor de virtualizare. Acesta servește drept utilitar de diagnosticare pentru a identifica dacă un sistem rulează în interiorul unei mașini virtuale sau al unui sandbox de analiză malware prin executarea unor tehnici comune de anti-analiză. Instrumentul validează eficacitatea diverselor metode de evaziune și susține cercetarea în detectarea sandbox-urilor. Acesta testează dacă un sistem țintă poate fi recunoscut ca un mediu virtualizat pentru a ajuta la îmbunătățirea stealth-ului mediilor de analiză malware. Detectarea este realizată printr-o varietate de verificări comportamentale, inclusiv analiza artefactelor hardware, filtrarea adreselor MAC și amprentarea cheilor de registry. Suita folosește, de asemenea, detectarea bazată pe instrucțiuni, analiza execuției bazată pe timp și scanarea mediului bazată pe procese pentru a identifica indicatorii de virtualizare.
Implements various techniques to determine if a process is executing within a virtual machine or sandbox.