6 个仓库
Techniques for identifying if a process is executing within a virtual machine or sandbox.
Distinct from Virtual Machine Discovery Tools: Candidates describe the VMs themselves, not the act of detecting them for evasion.
Explore 6 awesome GitHub repositories matching security & cryptography · Virtualization Detection. Refine with filters or upvote what's useful.
Nishang is a PowerShell-based offensive security framework designed for red teaming and penetration testing on Windows targets. It functions as a post-exploitation toolkit and payload generator to automate attacks and manage remote targets. The project provides specialized capabilities for bypassing security controls, such as disabling the Antimalware Scan Interface and employing in-memory execution to avoid disk-based detection. It includes a variety of stealthy command and control mechanisms, utilizing non-standard channels like DNS TXT records, ICMP traffic, and webmail for communication a
Identifies virtual machine environments by checking hardware fingerprints to avoid detection.
This project is a post-exploitation framework and command and control platform designed for security research and penetration testing. It functions as a remote access tool consisting of a central command server and encrypted executable payloads that establish reverse shell connections. The system utilizes a web-based dashboard for multi-client administration, allowing for remote host monitoring and direct shell access through an in-browser terminal. It generates cross-platform, encrypted binaries that employ a multi-stage delivery chain and a key exchange mechanism to secure communications.
Implements checks to identify if the payload is executing within a virtual machine or sandbox to evade detection.
Chef is a configuration management platform and infrastructure as code framework used to automate the deployment and maintenance of infrastructure state across a fleet of servers. It operates as an idempotent automation engine, ensuring systems converge to a desired state by applying only the necessary changes to resolve differences. The system functions as a multi-platform server orchestrator capable of managing infrastructure across different operating systems, cloud providers, and hardware architectures. It includes a dedicated infrastructure testing framework to verify configuration code
Identifies whether a node is a physical machine, a virtual machine guest, or a hypervisor host.
LinEnum is a suite of security utilities for auditing Linux systems, scanning for privilege escalation paths, and enumerating local vulnerabilities. It functions as a system security audit tool, a local enumeration utility, and a scanner for identifying misconfigurations that could allow a user to gain root access. The project includes specialized auditing for containerized environments, specifically detecting Docker and LXC signatures to identify potential escape vectors to the host system. Its broader capabilities cover the analysis of kernel versions, the identification of SUID binaries a
Identifies the presence of Docker or LXC containers to determine the available attack surface.
Al-Khaser is a research project focused on the development of anti-analysis and evasion techniques to resist reverse engineering. It provides implementations for detecting and evading virtual machines, sandboxes, and debuggers to prevent software analysis. The project implements control flow obfuscation through anti-disassembly methods and utilizes dynamic API resolution to bypass static import tables. It further hinders forensic analysis by manipulating memory headers to prevent process dumps and utilizing remote code injection to execute logic in external processes. The capability surface
Searches for registry keys, MAC addresses, and firmware strings to identify virtual machine environments.
Pafish 是一个反分析沙箱检测器和虚拟化环境测试器。它作为诊断工具,通过执行常见的反分析技术来识别系统是否在虚拟机或恶意软件分析沙箱内运行。 该工具验证各种规避方法的有效性,并支持对沙箱检测的研究。它测试目标系统是否可被识别为虚拟化环境,以帮助提高恶意软件分析环境的隐蔽性。 检测通过多种行为检查实现,包括硬件工件分析、MAC 地址过滤和注册表键指纹识别。该套件还采用基于指令的检测、基于时间的执行分析和基于进程的环境扫描来识别虚拟化指标。
Implements various techniques to determine if a process is executing within a virtual machine or sandbox.