HackingTeam VM detection
serializingme opened this issue
HackingTeam is using WMI to detect VMs [1]. If no one picks this one up, I will implement them in Pafish.
[1] https://github.com/informationextraction/scout-win/blob/master/core-scout-win32/antivm.cpp
Feel free to integrate VBox and VMware detections if you want.
I see AntiCuckoo() is just a stealth function, not used for detection so it's not relevant here.
I think I have a way of implementing the AntiCuckoo() as a detection ;)
Created pull request #39 that implements HackingTeam checks. I was able to transform the anti-Cuckoo crash function into a check :D
Awesome contribution :)
I've merged into dev, will discuss in the PR.