A tool designed to automate the hardening of VMware instances.

You must rename devices in the Guest OS to remove "VMware" or "VirtualBox" strings.

Bypassing VM detection is a dual-use skill. While it is essential for unpacking and studying the latest threats, it is also used by malware authors to evade automated sandboxes like Cuckoo or Any.Run.

Certain CPU instructions, such as CPUID or RDTSC, take longer to execute in a virtualized environment due to the overhead of the hypervisor.

Techniques for VM Detection Bypass

Manually change the MAC address to a random prefix that does not belong to a virtualization vendor.

3. Cleaning the Registry and File System

Advanced malware uses the RDTSC (Read Time-Stamp Counter) instruction to measure how long a process takes. If it takes too long, the malware assumes a hypervisor is intercepting the call. Bypassing this usually requires:


Manually changing every registry key is tedious and prone to error. Several community tools automate the process of making a VM "stealthy":

A demonstration tool that executes various VM detection tricks. It is the gold standard for testing if your bypass techniques are working.