An interesting paper on virtualization bugs, an interesting field where new Anti-Emulation techniques could be produced:
http://www.scribd.com/doc/953953/Owning-the-cloud-virtualization-software-is-full-of-bugs-
Giuseppe ‘Evilcry’ Bonfa’
Hi,
Thanks to Gunther of ARTeam, we have some new open source Anti-Emulation functions. I’ve uploaded these to my OffensiveCoding section.
Here is a quick list of the functions:
Anti-KAV -> Call this one before WSAStartup(), so sockets won’t be initialized.
Anti-NOD32 -> SSE1 instruction which NOD32 cannot emulate.
IsEmulator -> Timing attack against the emulator environment.
IsCWSandBox -> Check if CreateProcess is hooked.
IsAnubis -> Check whether it is running within Anubis.
IsAnubis2 -> Check whether it is running within Anubis.
IsNormanSandBox -> NormanSandBox Awareness.
IsSunbeltSandBox -> Sunbelt Awareness.
IsVirtualPC -> VirtualPC Awareness.
IsVMware -> VMware Awareness.
DetectVM -> Check whether it is running in VMware or VirtualBox using the registry.
IsRegMonPresent -> Check for RegMon by checking if the driver is loaded in memory and by searching for the window handle.
Here is the link:
http://evilcry.netsons.org/OC0/code/EmulationAwareness.c
See you in the next post.. :)
After a long break caused by work, I restarted work on three basic projects:
See you in the next post.. :)
Hi,
Netsons ( http://netsons.org ) killed my account, http://evilcry.netsons.org, without any notice. I’m now without any website. I had the Elgamal CryptoReverse Engineering 50% ready, but thanks to Netsons I can’t publish it.
I strongly recommend any person to use Netsons, 0 seriousness.
Regards,
Evilcry