Open hfiref0x opened 3 years ago
Embarrassed to admit that I didn't know this trick, since I not only work at Nettitude but have worked with Kyriakos at two different companies!
Thanks @hfiref0x
When I saw the link, my initial thought was that it was your post @gsuberland :)
Speaking of which, part 3 of my series is out. I'll open a new issue for it.
This article may spark some interest. https://labs.nettitude.com/blog/using-pooltags-to-fingerprint-hosts/
tl;dr; you can build a table of specific pool tags used by vm drivers when allocating memory and then use it as a vm detection vector.
This article provides a complete example, and this system information should be available starting from ancient times up to modern Win10 versions.