mandiant / flare-vm

A collection of software installations scripts for Windows systems that allows you to easily setup and maintain a reverse engineering environment on a VM.
Apache License 2.0

Flare-VM with Anti-Debugging #557

Closed wabass closed 8 months ago

wabass commented 9 months ago

Details

I thought maybe we could add some sort of anti-debugging script. This way, when we triage malware and such, it will just pass through and act as a physical machine or anything bare-metal.

Like all possible options we could enable, except for some part that is not.

Ana06 commented 8 months ago

What do you exactly mean with anti-debugging script? That sounds like something that is not trivial to implement. Do you have a concrete proposal? Or can you provide more details on the concrete situation that you are trying to address with this issue?

wabass commented 8 months ago

> What do you exactly mean with anti-debugging script? That sounds like something that is not trivial to implement. Do you have a concrete proposal? Or can you provide more details on the concrete situation that you are trying to address with this issue?

The GOAL is to have Anti-VM-Detection: a script for VMware. This would help a lot, especially those who do RE. Well, the goal is also for all Threat Intel people. I did it on VirtualBox, but on VMware it's kinda frustrating.

So I was hoping we could pull something for Anti-VM-Detection. There are some old repos, but they only work for VirtualBox.

Ana06 commented 8 months ago

@wabass FLARE-VM should work on both VMware and VirtualBox. We could create a new package for installing/running Anti-VM-detection script(s) in VM-Packages, but developing the script is outside the scope of FLARE-VM/VM-Packages, and I think it should be developed and maintained independently.
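Before trying to make a guest look bare-metal, it helps to know which markers it currently exposes. The following PowerShell inventory is an added example and is not part of FLARE-VM, VM-Packages, or anything posted in this issue: it lists the SMBIOS strings, registry BIOS values, guest-tools services and processes, and hypervisor MAC prefixes that common VM checks inspect, so an analyst can run it before and after a hardening step and confirm a marker actually disappeared. The pattern list, the OUI table, and the function name `Add-Finding` are my assumptions; it uses only standard cmdlets and is read-only.

```powershell
# Added example, not FLARE-VM or VM-Packages code. Read-only inventory of the
# artifacts that typical VM-detection checks look at inside a Windows guest.
# Assumption: run from an elevated PowerShell session in the guest.

$Patterns      = @('vmware', 'virtualbox', 'vbox', 'qemu', 'kvm', 'xen', 'innotek', 'virtual')
$VmMacPrefixes = @('00:05:69', '00:0C:29', '00:1C:14', '00:50:56', '08:00:27')  # VMware OUIs + VirtualBox OUI
$Findings      = [System.Collections.Generic.List[object]]::new()

# Record a finding when a value contains one of the hypervisor substrings.
function Add-Finding {
    param([string]$Source, [string]$Value)
    if (-not $Value) { return }
    foreach ($p in $Patterns) {
        if ($Value.ToLower().Contains($p)) {
            $Findings.Add([pscustomobject]@{ Source = $Source; Value = $Value; Matched = $p })
            return
        }
    }
}

# 1. Hardware strings exposed through WMI/CIM (SMBIOS, disk model)
$cs   = Get-CimInstance Win32_ComputerSystem
$bios = Get-CimInstance Win32_BIOS
Add-Finding 'Win32_ComputerSystem.Manufacturer' $cs.Manufacturer
Add-Finding 'Win32_ComputerSystem.Model'        $cs.Model
Add-Finding 'Win32_BIOS.Manufacturer'           $bios.Manufacturer
Add-Finding 'Win32_BIOS.SerialNumber'           $bios.SerialNumber
Add-Finding 'Win32_BIOS.SMBIOSBIOSVersion'      $bios.SMBIOSBIOSVersion
foreach ($d in Get-CimInstance Win32_DiskDrive) { Add-Finding 'Win32_DiskDrive.Model' $d.Model }

# 2. Registry values that carry BIOS strings (REG_MULTI_SZ, so join the array)
$hw = Get-ItemProperty 'HKLM:\HARDWARE\DESCRIPTION\System' -ErrorAction SilentlyContinue
foreach ($name in 'SystemBiosVersion', 'VideoBiosVersion') {
    Add-Finding "HKLM\HARDWARE\DESCRIPTION\System\$name" ($hw.$name -join ' ')
}

# 3. Guest-tools services and running processes
foreach ($svc in Get-Service -ErrorAction SilentlyContinue) {
    Add-Finding "Service $($svc.Name)" $svc.Name
    Add-Finding "Service $($svc.Name)" $svc.DisplayName
}
foreach ($proc in Get-Process -ErrorAction SilentlyContinue) {
    Add-Finding 'Process' $proc.ProcessName
}

# 4. MAC address OUIs registered to hypervisor vendors
foreach ($nic in Get-CimInstance Win32_NetworkAdapter | Where-Object MACAddress) {
    $prefix = $nic.MACAddress.Substring(0, 8).ToUpper()
    if ($VmMacPrefixes -contains $prefix) {
        $Findings.Add([pscustomobject]@{ Source = "NIC $($nic.Name)"; Value = $nic.MACAddress; Matched = $prefix })
    }
}

$Findings | Sort-Object Source, Value -Unique | Format-Table -AutoSize
"$($Findings.Count) VM marker(s) found"
```

The `virtual` pattern is deliberately broad (it also matches Hyper-V's "Virtual Machine" model string), so review the table rather than treating the count alone as a verdict. A zero count only means these specific markers are gone; timing-based and CPUID-based checks are not covered by an inventory like this.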