Stealth VM Oct 06 2008 07:20AM
Stuart Gilchrist-Thomas (stuartpaulthomas gmail com) (3 replies)
Re: Stealth VM Apr 06 2009 09:44AM
Dante Signal31 (dante signal31 gmail com)
Re: Stealth VM Nov 06 2008 12:19PM
Javier Fernandez-Sanguino (jfernandez germinus com) (1 replies)
RE: Stealth VM Nov 06 2008 09:54PM
Michael Owen (mowen costco com) (1 replies)
Re: Stealth VM Nov 07 2008 06:28AM
Stuart Thomas (stuartpaulthomas gmail com)
Re: Stealth VM Oct 06 2008 11:52AM
Michael Bailey (mibailey eecs umich edu)
We discussed the extent of and several techniques for honeypot
fingerprinting in our paper "Towards an Understanding of Anti-
virtualization and Anti-debugging Behavior in Modern Malware" (http://www.eecs.umich.edu/~mibailey/publications/dsn08_final.pdf
). Techniques for avoiding this fingerprinting, however, are left as
an exercise for the reader ;)

-* michael

On Oct 6, 2008, at 3:20 AM, Stuart Gilchrist-Thomas wrote:

> Hi,
> Does anyone have any pointers to evidence or advice on hiding or
> reducing the detection of VM honey pots. I know of temporal issues
> e.g. Timing metrics can give away a VM, and that you can manually
> alter peripheral identities e.g. virtual network cards etc.
> I've also created a company to purchase ip and hosting space to
> ensure a form of identity in depth. But I still lack experience in
> preventing detection. Can you help? Are you my only hope? ;)
> Many thanks.
> ---
> Sent whilst mobile.
> -original message-
> Subject: Re: Honeypot VMs
> From: pinowudi <pinowudi (at) gmail (dot) com [email concealed]>
> Date: 06/10/2008 00:13
> http://www.honeyclient.org/trac
> Jason Lewis wrote:
>> Are there any honeypot VM resources? I've seen the SPARSA one, but
>> the
>> link is dead.
>> jas

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus