Daniel Roberson - Virtual Machine Detection

Virtual Machine Detection

0001-01-01

Virtual Machine Detection techniques are a class of anti-analysis techniques used by malware that detect if it is being run within a Virtual Machine.

Analysts and sandboxes tend to analyze samples within virtual machines to prevent causing harm to their workstations. If malware determines that it is being run under a virtual machine, it can take evasive actions, making analysis more difficult.

Links to this note

Recent Posts

Linux Persistence: Modular Software

2025-04-17 DFIR CTF persistence linux persistence apache asterisk

Linux Persistence: Web Shells

2025-04-16 DFIR persistence webshell linux persistence webshell apache nginx PHP

Linux Persistence: Rootkits

2025-04-15 DFIR persistence rootkit LKM linux persistence LKM rootkit LD_PRELOAD kprobe ftrace ld.so hooking

Linux Persistence: Processes

2025-04-11 DFIR persistence processes linux persistence processes

Defanging Linux LKM Rootkits With cleanup_module()

2025-04-05 Linux LKM rootkits EDR hooks incident response Linux LKM rootkit