Open EvilBytecode opened 1 day ago
Oh hi, I was about to ask you on Discord if I could implement some of your technique ideas from GoDefender lmao, good timing :)
Is the jjDqCcyUYXzHxYpufe process not randomised? Like if I create a new VM, would that string still be present in the task list? Also, is this technique specific to a VM/sandbox brand?
Cool project btw :+1:
No, it's randomized; that's why I did a thing that checks running processes, and it excludes svchost etc., and it checks for these. Also, you can, but credit would be appreciated. (The check checks if any non-svchost process with the same name is running more than 60 times and exits if so.)
Contact me on Discord: codepulze1 / https://t.me/codepulze
I was exploring VT sbies, and yeah, one of them deploys a thing called RepetitiveProcess (to bypass the count check on how many programs are running). You can check GoDefender and maybe implement it. PoC:
As you can see, jjDqCcyUYXzHxYpufe is just some process that is supposed to be deployed there to bypass the anti-VM check.