Hi,
metr0, I believe the source of those tips is this blog: hXXp://vrt-sourcefire.blogspot.com/2009/10/how-does-malware-know-difference.html
I think defeating VM detection goes through summing up all the detection techniques and finding a workaround for each of them.
EvilCry has a C file on his blog referencing lots of functions to detect emulation/sandbox/virtualization; maybe there are some ideas to pick up there.
Ed Skoudis also wrote something about VM detection thwarts, for SANS Institute I believe.