
2.0 Release 🎉

@kernelwernel kernelwernel released this 02 Jan 08:24
· 12 commits to main since this release
f101aef
  • added optional VM::vmaware structure
  • added new functions:
    • VM::type()
    • VM::conclusion()
    • VM::detected_count()
  • added improvements to Hyper-X (version 5)
    [diagram: Hyper-X version 5 (drawio image)]
  • added argument support of VM::NO_MEMO to VM::check()
  • added 24 new techniques:
    • VM::GPU_CHIPTYPE by @koughing
    • VM::DRIVER_NAMES
    • VM::VBOX_IDT
    • VM::HDD_SERIAL
    • VM::PORT_CONNECTORS
    • VM::VM_HDD
    • VM::ACPI_HYPERV
    • VM::GPU_NAME
    • VM::VMWARE_DEVICES
    • VM::VMWARE_MEMORY
    • VM::IDT_GDT_MISMATCH
    • VM::PROCESSOR_NUMBER
    • VM::NUMBER_OF_CORES
    • VM::WMI_MODEL
    • VM::WMI_MANUFACTURER
    • VM::WMI_TEMPERATURE
    • VM::PROCESSOR_ID
    • VM::CPU_FANS
    • VM::POWER_CAPABILITIES
    • VM::SETUPAPI_DISK
    • VM::VMWARE_HARDENER
    • VM::WMI_QUERIES
    • VM::SYS_QEMU
    • VM::LSHW_QEMU
  • added 5 option flags to the CLI:
    • --no-color
    • --high-threshold
    • --dynamic
    • --verbose
    • --compact
  • added improvements and fixes to VM::add_custom()
  • added 3 new brands:
  • added new WMI structure module and overall WMI improvements
  • updated the scores of most techniques (see the scoring system)
  • updated:
    • VM::HKLM_REGISTRIES
    • VM::DRIVER_NAMES
    • VM::REGISTRY
  • optimized VM::INTEL_THREAD_MISMATCH
  • fixed MacOS bugs [link]
  • disabled VM::VMWARE_DMESG by default
  • removed VM::SPOOFABLE and --spoofable
  • removed:
    • VM::MOUSE_DEVICE
    • VM::VBOX_FOLDERS
    • VM::CURSOR
    • VM::HYPERV_WMI
    • VM::HYPERV_REG
    • VM::ANYRUN_DRIVER (still present in the CLI)
    • VM::ANYRUN_DIRECTORY (same)
    • VM::CWSANDBOX_VM
    • VM::MEMORY
      (these were removed either due to unreliability, unpredictability, overall low quality, ethical reasons, or a combination of them)

Credits to

VirusTotal results (38/71)

https://www.virustotal.com/gui/file/1069805c97737f4b2dfe75151ec444f246bf8421d818d96176a0568479d70bcf

I'm fully aware this looks really suspicious, but the binaries were generated through the CI/CD here purely from the source code. The score might fluctuate as it did previously, so if it doesn't match, please notify me with an issue.

Extra

For any inquiries, contact me on discord at kr.nl or email me at [email protected]