Skip to content

2.0 Release 🎉

Latest
Latest
Compare
Choose a tag to compare
@kernelwernel kernelwernel released this 02 Jan 08:24
· 1 commit to main since this release
v2.0
f101aef
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
  • added optional VM::vmaware structure
  • added new functions:
    • VM::type()
    • VM::conclusion()
    • VM::detected_count()
  • added improvements to Hyper-X (version 5)
    Hyper-X_version_5 drawio
  • added argument support of VM::NO_MEMO to VM::check()
  • added 24 new techniques:
    • VM::GPU_CHIPTYPE by @koughing
    • VM::DRIVER_NAMES
    • VM::VBOX_IDT
    • VM::HDD_SERIAL
    • VM::PORT_CONNECTORS
    • VM::VM_HDD
    • VM::ACPI_HYPERV
    • VM::GPU_NAME
    • VM::VMWARE_DEVICES
    • VM::VMWARE_MEMORY
    • VM::IDT_GDT_MISMATCH
    • VM::PROCESSOR_NUMBER
    • VM::NUMBER_OF_CORES
    • VM::WMI_MODEL
    • VM::WMI_MANUFACTURER
    • VM::WMI_TEMPERATURE
    • VM::PROCESSOR_ID
    • VM::CPU_FANS
    • VM::POWER_CAPABILITIES
    • VM::SETUPAPI_DISK
    • VM::VMWARE_HARDENER
    • VM::WMI_QUERIES
    • VM::SYS_QEMU
    • VM::LSHW_QEMU
  • added 5 option flags to the CLI:
    • --no-color
    • --high-threshold
    • --dynamic
    • --verbose
    • --compact
  • added improvements and fixes to VM::add_custom()
  • added 3 new brands:
  • added new WMI structure module and overall WMI improvements
  • updated the scores of most techniques (see the scoring system)
  • updated:
    • VM::HKLM_REGISTRIES
    • VM::DRIVER_NAMES
    • VM::REGISTRY
  • optimized VM::INTEL_THREAD_MISMATCH
  • fixed MacOS bugs [link]
  • disabled VM::VMWARE_DMESG by default
  • removed VM::SPOOFABLE and --spoofable
  • removed:
    • VM::MOUSE_DEVICE
    • VM::VBOX_FOLDERS
    • VM::CURSOR
    • VM::HYPERV_WMI
    • VM::HYPERV_REG
    • VM::ANYRUN_DRIVER (still present in the CLI)
    • VM::ANYRUN_DIRECTORY (same)
    • VM::CWSANDBOX_VM
    • VM::MEMORY
      (these were removed either due to unreliability, unpredictability, overall low quality, ethical reasons, or a combination of them)

Credits to

VirusTotal results (33/72)

https://www.virustotal.com/gui/file/1069805c97737f4b2dfe75151ec444f246bf8421d818d96176a0568479d70bcf

I'm fully aware this looks really suspicious, but the binaries were generated through the CI/CD here purely from the source code. The score might fluctuate as it did previously, so if it's not 33/72, please notify me with an issue.

Extra

For any inquiries, contact me on discord at kr.nl or email me at [email protected]

Contributors

tandasat and koughing
Assets 8
Loading