Closed wabass closed 8 months ago
What do you exactly mean with anti-debugging script? That sounds like something that is not trivial to implement. Do you have a concrete proposal? Or can you provide more details on the concrete situation that you are trying to address with this issue?
What do you exactly mean with anti-debugging script? That sounds like something that is not trivial to implement. Do you have a concrete proposal? Or can you provide more details on the concrete situation that you are trying to address with this issue?
The GOAL is to have an Anti-VM-Detection. A script for VMwares. This would help alot especially to those who do RE. Well the goal is also for all Threat Intel people. I done it on VirtualBox but on VMware it's kinda frustrating.
SO I was hoping we could pull something for Anti-VM-Detection. There are some old repos but only works for Virtualbox.
@wabass FLARE-VM should work on both VMWare and VirtualBox. We could create a new package for installing/running an Anti-VM detection script/s in VM-Packages, but developing the script is outside of the scope of FLARE-VM/VM-Packages and I think it should be developed and maintain independently.
Details
Thought of maybe we can add some sort of anti-debugging script. This way when we triage malwares and such, it will just pass through. And act as a physical machine or anything bare-metal.
Like all possible options we could enable. Except of some part that its not.