GoSecure / malboxes

Builds malware analysis Windows VMs so that you don't have to.
GNU General Public License v3.0

Detection evasion and deception features #23

Open adricnet opened 7 years ago

adricnet commented 7 years ago

From a comment by @Svieg in #22, here's a collection of resources to discuss vm detection and anti-analysis features/concerns for malboxes. Perhaps a feature branch or break out a test profile for these ideas?

Refs:

VMCloak is GPL3 and Python2, so maybe there's some code there that can be called or used?

hth, adricnet

obilodeau commented 7 years ago

VM detection evasion is planned. There were references already in the TODO.adoc file at the root of the repository. I added your references to it. Thanks!

If you feel up to the task, go ahead and do it. I'll test your stuff and help you. However, implementing it on my own is not on my short-list of things I want to do with malboxes right now.

If you want some advice, I would start by running paranoid fish in a built Windows 7 VM and make changes to fix the issues outlined by that tool. Non-intrusive changes should go in the main profiles. Intrusive changes should be made in a different profile (ie: win10_32_analyst_paranoid).

Also, uninstalling stuff like chocolatey and guest tools in a post-setup step would also be something I would consider doing.
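One way to turn the "run paranoid fish and fix what it flags" advice into a repeatable check, as an added example that is not malboxes code nor a port of pafish: a read-only PowerShell audit run inside the built VM that lists the usual guest-tools artifacts and tags each as non-intrusive or intrusive to fix, matching the profile split suggested above. The service, driver and registry names are assumed from common VirtualBox/VMware guest-tools layouts, not taken from this thread.

```powershell
# Added example (not malboxes code): audit a built Windows VM for the common
# virtualization artifacts that paranoid fish (pafish) reports, so each
# finding can be triaged as "non-intrusive" (main profile) or "intrusive"
# (separate *_paranoid profile). Indicator names below are assumed from
# widely documented VirtualBox/VMware guest-tools layouts; adjust them to
# the hypervisor you build with.

$findings = @()

# Firmware / hardware identity strings exposed through WMI
$cs   = Get-CimInstance Win32_ComputerSystem
$bios = Get-CimInstance Win32_BIOS
foreach ($s in @($cs.Manufacturer, $cs.Model, $bios.Manufacturer, $bios.SerialNumber)) {
    if ($s -match 'VirtualBox|VMware|innotek|QEMU|Xen') {
        $findings += "hardware-id: '$s' (intrusive: needs hypervisor-side DMI changes)"
    }
}

# Guest-tools services that a paranoid profile should not carry
foreach ($svc in 'VBoxService', 'VMTools', 'vmvss') {
    if (Get-Service -Name $svc -ErrorAction SilentlyContinue) {
        $findings += "service: $svc (non-intrusive: uninstall guest tools post-setup)"
    }
}

# Driver files and registry keys left behind by guest additions
$paths = @(
    "$env:SystemRoot\System32\drivers\VBoxMouse.sys",
    "$env:SystemRoot\System32\drivers\VBoxGuest.sys",
    "$env:SystemRoot\System32\drivers\vmhgfs.sys",
    'HKLM:\SOFTWARE\Oracle\VirtualBox Guest Additions',
    'HKLM:\SOFTWARE\VMware, Inc.\VMware Tools'
)
foreach ($p in $paths) {
    if (Test-Path $p) {
        $findings += "artifact: $p (non-intrusive: removed with guest tools)"
    }
}

# Helper processes that stay resident while guest tools are installed
foreach ($proc in 'VBoxTray', 'vmtoolsd') {
    if (Get-Process -Name $proc -ErrorAction SilentlyContinue) {
        $findings += "process: $proc (non-intrusive: goes away with guest tools)"
    }
}

if ($findings.Count -eq 0) { 'No common VM artifacts found.' } else { $findings }
```

Run it once before and once after a post-setup step that removes guest tools and chocolatey to confirm which findings the non-intrusive changes actually clear.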

Svieg commented 7 years ago

The profiles branch is entirely for that purpose already though.

adricnet commented 7 years ago

Thank you both. I will take a look at the profiles branch (and look over the TODO file as well).

And, I do agree that detection/evasion is not a priority for me for malboxes, but perhaps someone else will be able to pick up here.

On Sat, Jan 7, 2017 at 2:26 PM, Hugo Genesse notifications@github.com wrote:

The profiles branch is entirely for that purpose already though.
