I have written a lot about anti-vm tricks, and while this topic is so worn out that almost feels like kicking a dead horse I felt there is still a scope for some ‘novelty’ approach…<\/p>\n\n\n\n
As a hobby, I started jotting down OPSEC failures from random reverse engineers and security professionals. I didn’t go too far, but once you see the list, you will get the gist and can easily expand on it a bit more. <\/p>\n\n\n\n
Trust me, this is nothing personal. But yeah, it totally is \ud83d\ude42<\/p>\n\n\n\n
Analysing screenshots shared on social media I was able to jot down some notes on the user names used by the researchers’ boxes\/test environments. Some of these user names are generic, and as such, not very helpful, but hey… many actually are pretty specific!<\/p>\n\n\n\n
So, a personalized anti-* trick could simply add these known user names to a ‘we don’t run here’ list i.e. if any of these user names is found on the system –> gracefully exit.<\/p>\n\n\n\n
Not very complex… but you didn’t see it coming!<\/p>\n\n\n\n