VMware™ hypervisor fingerprinting by Pedro Silva
Author:Pedro Silva [Silva, Pedro]
Language: eng
Format: epub
Tags: Virtualization
Published: 2017-03-06T08:00:00+00:00
Other hypervisors
VirtualBox support
Hyper-V support
Xen support
Azure support
KDM/QEMU support
Nested Hypervisor detection
Cloud provider detection support
IPv6 support
Add more BIOS signatures for more versions and patch levels
References
[1] VMware™ Backdoor I/O Port - https://sites.google.com/site/chitchatvmback/backdoor
[2] VM Back - VMware™ Command Line Tools (Unofficial tools) - https://sites.google.com/site/chitchatvmback/vmtools
[3] Overview of VMware™ Tools (340) - https://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=340
[4] Advanced VMware™ Tools, Pedro Mendes da Silva, 2016, Unpublished
[5] vSphere Guest SDK Documentation - https://www.vmware.com/support/developer/guest-sdk/index.html
[6] vSphere Guest and HA Application Monitoring SDK Documentation - http://pubs.vmware.com/vsphere-60/topic/com.vmware.sdk.doc/GUID-14451BD8-6FF5-4265-AC02-CEC7F5A78A3F.html
[7] “vmware_puppetfact” - https://github.com/wolfspyre/vmware_puppetfact/blob/origin/lib/facter/vmware.rb https://github.com/wolfspyre/vmware_puppetfact
[8] Which vSphere version is my VM running - http://virtwo.blogspot.be/2015/05/which-vsphere-version-is-my-vm-running.html
[9] Which esx version am I running on - http://virtwo.blogspot.pt/2010/10/which-esx-version-am-i-running-on.html
[10] VMware™ Guest SDK Guest Stats 5.6 - http://pubs.vmware.com/vsphere-60/index.jsp#com.vmware.guestsdk.pg.doc/guest_sdk_GuestStats.5.6.html?path=7_7_0_2_4_0#1006925
[11] vSphere 6.0 Administration - Virtual Machine Compatibility - https://pubs.vmware.com/vsphere-60/index.jsp#com.vmware.vsphere.vm_admin.doc/GUID-64D4B1C9-CD5D-4C68-8B50-585F6A87EBA0.html
[12] Virtual machine hardware versions (1003746) - VMware™ products and their virtual hardware version - https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003746
[13] vSphere 6.0 Administration - Hardware Features Available with Virtual Machine Compatibility Settings - https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.vm_admin.doc%2FGUID-789C3913-1053-4850-A0F0-E29C3D32B6DA.html
[14] Open VM tools backdoor code examples (useful to learn backdoor behavior) - https://github.com/vmware/open-vm-tools/blob/master/open-vm-tools/checkvm/checkvm.c + https://github.com/vmware/open-vm-tools/blob/master/open-vm-tools/lib/backdoor/backdoor.c
[15] What is the open-vm-tools project? - https://github.com/vmware/open-vm-tools/
[16] vmw - generic backdoor access program https://sites.google.com/site/chitchatvmback/vmtools#vmw https://sites.google.com/site/chitchatvmback/storage/vmw-060510.tar.gz
[17] dmidecode - http://www.nongnu.org/dmidecode/
[18] dmidecode (for Windows) http://gnuwin32.sourceforge.net/packages/dmidecode.htm
[19] CPUID - https://en.wikipedia.org/wiki/CPUID
[20] x86 virtualization - https://en.wikipedia.org/wiki/X86_virtualization
[21] What do the flags in /proc/cpuinfo mean? - http://unix.stackexchange.com/questions/43539/what-do-the-flags-in-proc-cpuinfo-mean
[22] VMware™ is telling me: 'This virtual machine might have been moved or copied'. What should I do? - https://www.vulnhub.com/faq/
[23] Changing or keeping a UUID for a moved virtual machine (1541) https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1541
[24] vSockets Programming Guide, VMware, Inc, http://pubs.vmware.com/vsphere-60/topic/com.vmware.ICbase/PDF/ws9_esx60_vmci_sockets.pdf
[25] VMCI Socket Performance,Performance Study, VMware, Inc, http://www.vmware.com/pdf/vsp_4_VMCI_socket_perf.pdf
[26] vsockets tools repository - https://bitbucket.org/tagido/vsockets-tools/downloads
[27] Very simple detection mechanisms can be cheated by closing the backdoor that is used by the VMware-Tools - http://faq.sanbarrow.com/index.php?action=artikel&cat=18&id=58
[28] monitor_control.virtual_rdtsc (VMX configuration option ) - «By default, VMware™ virtualizes RDTSC but "monitor_control.virtual_rdtsc" option allows to disable RDTSC interception to improve time measurement resolution in VM. » https://communities.vmware.com/thread/154838?start=0&tstart=0
[29] monitor_control (VMX configuration option ) - This class of parameters is used to configure theinteraction between host and guest. http://faq.sanbarrow.com/index.php?action=artikel&cat=14&id=59&artlang=en&highlight=mode
[30] Using: monitor_control.restrict_backdoor = "TRUE" - https://communities.vmware.com/message/2318988
[31] Configure virtual machine for nested ESX/ESXi with PowerCLI - http://enterpriseadmins.org/blog/scripting/configure-virtual-machine-for-nested-esxesxi-with-powercli/
[32] vSphere 4 ESX vCenter MAC Addresses generation https://pubs.vmware.com/vsphere-4-esx-vcenter/index.jsp#com.vmware.vsphere.server_configclassic.doc_41/esx_server_config/advanced_networking/c_mac_addresses_generation.html
[33] vSphere 5.5 ESX Networking - https://pubs.vmware.com/vsphere-55/index.jsp#com.vmware.vsphere.networking.doc/GUID-DC7478FF-DC44-4625-9AD7-38208C56A552.html
[34] NMAP http://nmap.org
[35] NMAP Network Scanning, Gordon “Fyodor” Lyon, http://nmap.org/book/
ISBN: 978-0-9799587-1-7
[36] Extracting SSL thumb print from esxi http://www.virtuallyghetto.com/2012/04/extracting-ssl-thumbprint-from-esxi.html
[37] VMware: Running Nested VMs - https://communities.vmware.com/docs/DOC-8970
[38] Detecting Hardware-assisted Hypervisor Rootkits within nested virtualized environments - http://www.dtic.mil/dtic/tr/fulltext/u2/a563168.pdf
[39] vmhost_report (package, open-source) - https://bitbucket.org/tagido/vsockets-tools/downloads/vmhost_report.0.53.tar.gz
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
Sass and Compass in Action by Wynn Netherland Nathan Weizenbaum Chris Eppstein Brandon Mathis(7921)
Grails in Action by Glen Smith Peter Ledbrook(7889)
Azure Containers Explained by Wesley Haakman & Richard Hooper(7226)
Configuring Windows Server Hybrid Advanced Services Exam Ref AZ-801 by Chris Gill(7224)
Running Windows Containers on AWS by Marcio Morales(6759)
Kotlin in Action by Dmitry Jemerov(5302)
Microsoft 365 Identity and Services Exam Guide MS-100 by Aaron Guilmette(5281)
Microsoft Cybersecurity Architect Exam Ref SC-100 by Dwayne Natwick(4998)
Combating Crime on the Dark Web by Nearchos Nearchou(4862)
The Ruby Workshop by Akshat Paul Peter Philips Dániel Szabó and Cheyne Wallace(4553)
Management Strategies for the Cloud Revolution: How Cloud Computing Is Transforming Business and Why You Can't Afford to Be Left Behind by Charles Babcock(4499)
The Age of Surveillance Capitalism by Shoshana Zuboff(4126)
Python for Security and Networking - Third Edition by José Manuel Ortega(4110)
Learn Wireshark by Lisa Bock(3923)
The Ultimate Docker Container Book by Schenker Gabriel N.;(3771)
Learn Windows PowerShell in a Month of Lunches by Don Jones(3576)
DevSecOps in Practice with VMware Tanzu by Parth Pandit & Robert Hardt(3441)
Blockchain Basics by Daniel Drescher(3435)
Windows Ransomware Detection and Protection by Marius Sandbu(3434)
