LordNoteworthy / al-khaser

Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
GNU General Public License v2.0

Using PoolTags to Fingerprint Hosts #231

Open hfiref0x opened 3 years ago

hfiref0x commented 3 years ago

This article may spark some interest. https://labs.nettitude.com/blog/using-pooltags-to-fingerprint-hosts/

tl;dr: you can build a table of specific pool tags used by VM drivers when allocating memory and then use it as a VM detection vector.

This article provides a complete example, and this system information should be available from ancient times up to modern Win10 versions.
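An added illustration of the table lookup described above (not code from al-khaser, hfiref0x or the linked article): it parses a constructed SystemPoolTagInformation buffer the way a sandbox maintainer would when auditing which of their own drivers' tags are exposed. The 64-bit structure layout is assumed from public documentation, the host is assumed little-endian, and the tag names in WATCH are hypothetical placeholders, not real driver tags.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumed 64-bit layout of SYSTEM_POOLTAG_INFORMATION: ULONG Count, pad to 8,
 * then 40-byte SYSTEM_POOLTAG entries: Tag[4] @0, PagedAllocs @4, PagedFrees @8,
 * PagedUsed (SIZE_T) @16, NonPagedAllocs @24, NonPagedFrees @28, NonPagedUsed @32. */
#define HDR 8
#define ENT 40

/* Hypothetical watch list (constructed); an operator would substitute the
 * tags documented for their own hypervisor's drivers. */
static const char *const WATCH[] = { "Vbx1", "VmHy", "Qemu" };

static uint64_t rd64(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return v; }

/* Count watch-list tags that still have live pool usage. Returns -1 when Count
 * claims more entries than `len` holds, so a short buffer means "retry larger",
 * never a silent "nothing found". Hits are written while room remains. */
int scan_pooltags(const uint8_t *buf, size_t len, const char **hits, size_t maxhits)
{
    if (len < HDR) return -1;
    uint32_t count; memcpy(&count, buf, 4);
    if (count > (len - HDR) / ENT) return -1;
    int n = 0;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + HDR + (size_t)i * ENT;
        if (rd64(e + 16) == 0 && rd64(e + 32) == 0) continue; /* all freed */
        for (size_t w = 0; w < sizeof WATCH / sizeof *WATCH; w++)
            if (memcmp(e, WATCH[w], 4) == 0) {
                if ((size_t)n < maxhits) hits[n] = WATCH[w];
                n++;
            }
    }
    return n;
}

/* Write one constructed entry: tag plus paged/non-paged bytes in use. */
static void put_entry(uint8_t *e, const char *tag, uint64_t paged, uint64_t nonpaged)
{
    memset(e, 0, ENT); memcpy(e, tag, 4);
    memcpy(e + 16, &paged, 8); memcpy(e + 32, &nonpaged, 8);
}

/* Constructed sample: Vbx1 fully freed (ignored), Qemu live (hit), Ntfs ordinary.
 * `truncate` drops one byte to exercise the short-buffer path. */
int scan_sample(int truncate, const char **hits, size_t maxhits)
{
    uint8_t buf[HDR + 3 * ENT] = { 3 };   /* Count = 3, little-endian host */
    put_entry(buf + HDR,           "Vbx1", 0, 0);
    put_entry(buf + HDR + ENT,     "Qemu", 4096, 512);
    put_entry(buf + HDR + 2 * ENT, "Ntfs", 65536, 0);
    return scan_pooltags(buf, sizeof buf - (truncate ? 1 : 0), hits, maxhits);
}
```

On a real host the buffer would come from NtQuerySystemInformation(SystemPoolTagInformation), grown until the call stops reporting a too-small length.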

gsuberland commented 3 years ago

Embarrassed to admit that I didn't know this trick, since I not only work at Nettitude but have worked with Kyriakos at two different companies!

LordNoteworthy commented 3 years ago

Thanks @hfiref0x

When I saw the link, my initial thought was that it was your post @gsuberland :)

gsuberland commented 3 years ago

Speaking of which, part 3 of my series is out. I'll open a new issue for it.