|
1 | 1 | # PyDefender |
2 | | -Soon, wip. started on 28 June 2024 at 22:34 lol. |
| 2 | +- This Python code provides functionality to detect and defend against various forms of debugging tools and virtualization environments. |
| 3 | + |
| 4 | +<a href="https://t.me/pulzetools"><img src="https://img.shields.io/badge/Join%20my%20Telegram%20group-2CA5E0?style=for-the-badge&logo=telegram&labelColor=db44ad&color=5e2775"></a> |
| 5 | + |
| 6 | + |
| 7 | + |
| 8 | +### Anti-Virtualization |
| 9 | + |
| 10 | +- **Triage Detection**: Detects if the system is running in a triage or analysis environment. |
| 11 | +- **Monitor Metrics**: Monitors system metrics to identify abnormal behavior indicative of virtualization. |
| 12 | +- **VirtualBox Detection**: Detects the presence of Oracle VirtualBox. |
| 13 | +- **VMware Detection**: Detects the presence of VMware virtualization software. |
| 14 | +- **KVM Check**: Checks for Kernel-based Virtual Machine (KVM) hypervisor. |
| 15 | +- **Username Check**: Verifies if the current user is a default virtualization user. |
| 16 | +- **Recent User Activity**: Checks user activity; if there are fewer than 20 files, it exits. |
| 17 | +- **USB Mount**: Checks if a USB was ever plugged into the computer before. |
| 18 | +- **QEMU Detection**: Identifies the presence of QEMU virtualization. |
| 19 | +- **Parallels Check**: Detects the use of Parallels virtualization software. |
| 20 | +- **VM Artifacts**: Searches for common artifacts indicating a virtual machine environment. |
| 21 | + |
| 22 | +### Anti-Debug |
| 23 | + |
| 24 | +- **IsDebuggerPresent**: Checks if a debugger is currently attached to the process. |
| 25 | +- **Remote Debugger**: Detects if a remote debugger is connected to the process. |
| 26 | +- **PC Uptime**: Monitors system uptime to detect debugging attempts based on system restarts. |
| 27 | +- **Check Blacklisted Windows Names**: Verifies if the process name matches any blacklisted names commonly used by debuggers. |
| 28 | +- **Running Processes**: Retrieves a list of running processes and identifies potential malicious ones. |
| 29 | +- **Parent Anti-Debug**: Detects if the parent process is attempting to debug the current process. |
| 30 | +- **Kill Bad Processes**: Terminates known malicious processes detected on the system. |
| 31 | +- **Internet Connection Check**: Checks if an internet connection is present. |
| 32 | + |
| 33 | +### Process |
| 34 | +- **Critical Process**: Sets Process as critical |
| 35 | + |
| 36 | +### Quick Nutshell |
| 37 | +- PyDefender provides comprehensive anti-virtualization and anti-debugging measures to enhance system security by detecting and countering various forms of virtualization and debugging activities. |
0 commit comments