InviZzzible is a tool for assessing your virtual environments in an easy and reliable way. It contains the most recent, up-to-date detection and evasion techniques, as well as fixes for them.
chkp-ramanl VEDetection: added user names to be checked as means of detection
VEDetection: added computer names to be checked as means of detection
VEDetection: added host names to be checked as means of detection
VEDetection: added specific files to be checked for their presence as means of detection
Latest commit b41629a Jan 31, 2019
Type Name Latest commit message Commit time
3rdparty/boost
SandboxEvasion
conferences New slides added Jan 18, 2017
config VEDetection: added user names to be checked as means of detection Jan 31, 2019
.gitignore Vbox: added virtual devices to be checked as means of detection Apr 9, 2018
CHANGELOG.txt
LICENSE
README.md
SandboxEvasion.sln DEBUG configuration removed Sep 29, 2016
logo.png

InviZzzible

Contributed By Check Point Software Technologies LTD.
Programmed by Stanislav Skuratovich.
Presented at:

  • ShmooCon 2017 by Alexander Chailytko and Stanislav Skuratovich.
  • Virus Bulletin 2016 by Alexander Chailytko and Stanislav Skuratovich.

Slides: https://github.com/CheckPointSW/InviZzzible/blob/master/conferences/Skuratovich_Chailytko-DefeatingSandboxEvasion.pdf
Video: https://archive.org/details/ShmooCon2017/ShmooCon2017+-+Defeating+Sandbox+Evasion.mp4

Overview

InviZzzible is a tool for assessing your virtual environments in an easy and reliable way. It contains the most recent, up-to-date detection and evasion techniques, as well as fixes for them. You can also add new techniques and extend existing ones yourself, without modifying the source code.

Supported environments

  • Cuckoo Sandbox
  • Joe Sandbox
  • VMware virtualization products
  • VirtualBox
  • Hyper-V
  • Parallels
  • QEMU
  • BOCHS
  • Xen
  • VirtualPC
  • Sandboxie
  • Wine

Features

  • Generic tool that covers many different virtual environment detection techniques and proposes fixes for them.
  • Easily extendable; support for new virtual environments can be added quickly.
  • As Cuckoo Sandbox is the most prevalent tool used for automated malware analysis, we include detections for it as well.
  • Ability to introduce new detection techniques not by modifying the source code, but through JSON configuration files, so the whole community can contribute to the development of the tool.
  • User-friendly reports about the checked environment that can be shared within the organization among the purely technical guys as well as higher management.

Credits

  • Aliaksandr Trafimchuk
  • Alexey Bukhteyev
  • Raman Ladutska
  • VMDE project
  • Pafish project