Easy way to evade automated VM detonation: just make a simple loop that does nothing for 5 minutes.
Why not use a sleep call? Because they can short-circuit that shit.
Replying to @malwareunicorn
How many sandboxes does this work on? Because many sandboxes will play with system clock and monitor CPU instructions.
Replying to @0DDJ0BB
If you are doing a loop you don't need to check the time if you know how many instructions it takes to run for 5+ minutes.
Replying to @malwareunicorn @0DDJ0BB
Yeah, avoiding checking time and avoiding loops that easily collapse out under optimization transformations are necessary.
12:30 PM - 18 Sep 2017