
Thwarting VM Detection by Tom Liston and Ed Skoudis

June 6, 2007

I believe most of you have at least heard of VMware, Microsoft Virtual PC, or the recent VirtualBox (http://www.virtualbox.org/). These are virtualization software products. They create a virtual machine environment (called the guest) that runs on your local computer (called the host). This software is pretty useful, especially when it comes to analyzing malware or other uses. *ahem* 😉

This is a neat paper about how to detect a VME, and about how to keep it from being detected. Recommended read.

http://handlers.sans.org/tliston/ThwartingVMDetection_Liston_Skoudis.pdf


2 Comments
  1. loupgarou

    as of gg v 1053,

    running maple in a vmware session, it is detected as a hacking threat.

    if you run vmware but don’t run maple in the guest system, running maple in the host system results in the whole vmware crashing due to access violation (poor memory management or deliberate).

    if you run maple first on the host, then try to start up the vmware virtual machine, it will hang the guest operating system (i.e., you don’t even see the vmware bios boot screen).

  2. Seth

    Thanks. That was a great read (humor!)
