April 16, 2022 in Anti-*
I have written a lot about anti-VM tricks, and while this topic is so worn out that it almost feels like kicking a dead horse, I felt there is still scope for a ‘novelty’ approach…
As a hobby, I started jotting down OPSEC failures of random reverse engineers and security professionals. I didn’t go too far, but once you see the list you will get the gist and can easily expand on it.
Trust me, this is nothing personal. But yeah, it totally is 🙂
Analysing screenshots shared on social media, I was able to jot down some notes on the user names used on researchers’ boxes/test environments. Some of these user names are generic, and as such not very helpful, but hey… many actually are pretty specific!
So, a personalized anti-* trick could simply add these known user names to a ‘we don’t run here’ list, i.e. if any of these user names is found on the system (as the logged-on user, or as a profile folder name) –> gracefully exit.
Not very complex… but you didn’t see it coming!
| Twitter Handle | User name |
|---|---|
| pr0xylife | pr0xylifelab |
| mrd0x | mr.d0x |
| Wietze | Wietze |
| inversecos | Lina Lau |
| mohammadaskar2 | askar |
| DissectMalware | aniak |
| falsneg | freddy |
| Oddvarmoe | oddva |
| mrAn61 | taro |
| SBousseaden | bouss |
| vinopaljiri | Inferno |
| stvemillertime | steve |
| x86matthew | Win10 |
| 0gtweet | Administrator |
| 0gtweet | Admin |
| jonasLyk | jonas |
Honorary mention:
| Twitter Handle | User name |
|---|---|
| Ledtech3 | JoeUser |
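What the ‘we don’t run here’ check from above looks like in code, as an added example written for this post (it is not the author’s own implementation): the blocklist is the user-name column of the tables, matching is case-insensitive because Windows account names are, and the names to test come from the logged-on user (GetUserNameA) plus the profile folder names under C:\Users (FindFirstFileA). The Windows collection part is compiled only under _WIN32; elsewhere the same matching logic runs against a constructed sample list so the example still builds and runs. Two assumptions to keep in mind: the profile root is hard-coded to C:\Users, and the names in the tables are what was visible in screenshots, which is not always identical to the profile folder name on disk.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#ifdef _WIN32
#include <windows.h>
#pragma comment(lib, "advapi32.lib")   /* GetUserNameA lives in advapi32 */
#endif

/* Blocklist: the "User name" column of the tables in this post. */
static const char *const kBlockedUsers[] = {
    "pr0xylifelab", "mr.d0x", "Wietze", "Lina Lau", "askar", "aniak",
    "freddy", "oddva", "taro", "bouss", "Inferno", "steve", "Win10",
    "Administrator", "Admin", "jonas", "JoeUser"
};
#define N_BLOCKED (sizeof(kBlockedUsers) / sizeof(kBlockedUsers[0]))

/* Case-insensitive, full-string equality (Windows account names are case-insensitive). */
static int ieq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == '\0' && *b == '\0';
}

/* 1 if `name` is on the blocklist, else 0. */
int is_blocked_user(const char *name) {
    for (size_t i = 0; i < N_BLOCKED; i++)
        if (ieq(name, kBlockedUsers[i]))
            return 1;
    return 0;
}

/* Index of the first blocked name among `names`, or -1 if none matches. */
int find_blocked_user(const char *const *names, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (is_blocked_user(names[i]))
            return (int)i;
    return -1;
}

#ifdef _WIN32
/* Collect the logged-on user plus every folder under C:\Users (assumed profile root).
   Returns the number of names written into `out` (at most `max`). */
static size_t collect_windows_users(char out[][256], size_t max) {
    size_t n = 0;
    DWORD len = 256;
    if (max > 0 && GetUserNameA(out[n], &len))
        n++;
    WIN32_FIND_DATAA fd;
    HANDLE h = FindFirstFileA("C:\\Users\\*", &fd);
    if (h == INVALID_HANDLE_VALUE)
        return n;
    do {
        if ((fd.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) &&
            strcmp(fd.cFileName, ".") != 0 && strcmp(fd.cFileName, "..") != 0 &&
            n < max) {
            strncpy(out[n], fd.cFileName, 255);
            out[n][255] = '\0';
            n++;
        }
    } while (FindNextFileA(h, &fd));
    FindClose(h);
    return n;
}
#endif

/* Constructed sample (not real data): what a profile enumeration might return on a
   researcher's box. Returns the index of the first blocked name, or -1. */
int demo_constructed_sample(void) {
    static const char *const sample[] = { "Public", "Default", "mr.d0x", "Guest" };
    return find_blocked_user(sample, sizeof(sample) / sizeof(sample[0]));
}

int main(void) {
#ifdef _WIN32
    char buf[64][256];
    const char *names[64];
    size_t n = collect_windows_users(buf, 64);
    for (size_t i = 0; i < n; i++) names[i] = buf[i];
    if (find_blocked_user(names, n) >= 0)
        return 0;               /* known researcher box: gracefully exit */
    printf("no blocked user name found, continuing\n");
#else
    int hit = demo_constructed_sample();
    printf("constructed sample: %s\n", hit >= 0 ? "blocked user found, would exit" : "clean");
#endif
    return 0;
}
```

The entries the post already calls generic (Administrator, Admin, steve, Win10) will also fire on plenty of ordinary machines, so a payload using this list trades coverage on real targets for evasion of a handful of analysts; the specific handles are the ones that carry the signal. The flip side for the people in the tables is the obvious one: a bland, non-identifying account name on the analysis box costs nothing.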