Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-anti-virtualization
A curated list of awesome resources related to anti-virtualization techniques
https://github.com/theo-abel/awesome-anti-virtualization
Last synced: 3 days ago
:books: Literature
Documentation
- About evasion techniques - Check Point Research
- Detecting Hypervisor-assisted Hooking - Maurice Heumann
- Evading ACPI checks in commercial virtualization platforms - Nick Peterson
- How anti-cheats detect system emulation - secret.club
- Detecting Hypervisor Presence on Windows 10 - Nick Peterson
- 7 Ways to Detect Virtualization from your VM [Xen, VirtualBox, KVM, OpenStack with KVM]
- Playing with GuLoader Anti-VM techniques - outpost24.com
- Detecting VMware by reading an invalid MSR - drew
- Defeating malware's Anti-VM techniques (CPUID-Based Instructions) - Sina Karvandi
- Deploy Hidden Virtual Machine For VMProtections Evasion And Dynamic Analysis - r0ttenbeef
Scientific Research
- Detecting System Emulators
- Detection of Virtual Machines Based on Thread Scheduling
- Hypervisor-assisted dynamic malware analysis
- Resurrecting anti-virtualization and anti-debugging: Unhooking your hooks
- DBI, debuggers, VM: gotta catch them all: How to escape or fool debuggers with internal architecture CPU flaws?
- Creating Modern Blue Pills and Red Pills
- Attacks on Virtual Machine Emulators
- On the Cutting Edge: Thwarting Virtual Machine Detection
- Methods for Virtual Machine Detection
- Rethinking anti-emulation techniques for large-scale software deployment
- New attack technique based on Meltdown. Using speculative instructions to detect virtualization
- A Study of I/O Performance of Virtual Machines
- Detecting Hardware-Assisted Virtualization
- Virtual Machines Detection Methods Using IP Timestamps Pattern Characteristic
- Two challenges of stealthy hypervisors detection: time cheating and data fluctuations
- New Methods for Detecting Malware Infections and New Attacks against Hardware Virtualization
- Hyperprobe: Towards Virtual Machine Extrospection
- An assessment of virtual machine assails
- Cardinal Pill Testing of System Virtual Machines
- An analysis of hardware-assisted virtual machine based rootkits
- VMDE: Virtual Machines Detection Enhanced
- Anti-virtual machines and emulations
- Virtualization Security: Virtual Machine Monitoring and Introspection
- Malware Virtualization-Resistant Behavior Detection
- On the Impossibility of Detecting Virtual Machine Monitors
- Detecting the Presence of Virtual Machines Using the Local Data Table
- Stealth sandbox analysis of malware
- Attacks on More Virtual Machine Emulators
Media
:wrench: Tools
Media
- VMAware - Easy-to-use cross-platform C++ VM detection library and tool
- Hypervisor-Phantom
- Pafish
- VMDE
- Hypervision-Detection
- Al-khaser - Al-khaser is a PoC "malware" application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar.
- illusion-rs - Windows UEFI Blue Pill Type-1 Hypervisor in Rust (Codename: Illusion)
- Hypervisor detection
- hyperdetect.cc - mode
- antivmdetection
- InviZzzible
- Anti-VM - based implementation of several anti-vm techniques used in malware development.
- apate - Anti-debugging, anti-VM and anti-sandbox tests, to see if your Linux system is able to stay under the radar.
- inside-vm - 64 only).
- metasploit-framework/scripts/meterpreter/winenum.rb
- metasploit-framework/modules/auxiliary/scanner/netbios/nbname.rb
- systemd-detect-virt (man page) - `systemd-detect-virt` detects execution in a virtualized environment. It identifies the virtualization technology and can distinguish full machine virtualization from container virtualization. `systemd-detect-virt` exits with a return value of 0 (success) if a virtualization technology is detected, and non-zero (error) otherwise.
- systemd/src/basic/virt.c
- EPT Hook Detection
- PyDefender
- GoDefender
- Metasploit - Open-source penetration testing framework that includes virtual machine detection modules
- metasploit-framework/modules/post/linux/gather/checkvm.rb
- metasploit-framework/modules/post/windows/gather/checkvm.rb