Cyber Scarecrow

(www.cyberscarecrow.com)
606 points toby_tw | 1 comments
no-dr-onboard ◴[] No.40719413[source]
Fun concept, but this is security by obscurity. Other heuristics:

- providing fake manifests to hardware drivers commonly associated with virtual machines
- active process inspector handles
- presence of any software signed by hexrays (the ini file is usually enough)

replies(1): >>40720113 #
1. bhelkey ◴[] No.40720113[source]
> Fun concept, but this is security by obscurity.

Malware uses signals to determine if they are running in a VM. If we can degrade those signals, they will have to play a cat and mouse game trying to avoid VMs.

The less clear it is if a process is running in a VM, the easier time security researchers will have testing exploits found in the wild.