VmwareHardenedLoader vs opencanary

| | VmwareHardenedLoader | opencanary |
|---|---|---|
| Mentions | 7 | 16 |
| Stars | 1,487 | 2,004 |
| Growth | - | 1.2% |
| Activity | 0.0 | 7.1 |
| Latest Commit | over 1 year ago | 14 days ago |
| Language | C | Python |
| License | MIT License | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
VmwareHardenedLoader mentions

Bypass EAC "cannot run under virtual machine" (ESXi, Windows VM)?
Tried installing this vmware hardener, including all of its config changes. Got a different error message (something like "Please unload vmloader.sys"), but still didn't work.

- How to optimize workstation pro 17 for 8 virtual PCs at once?
- Virtualization hypervisors what the heck...
- Is there something like this for proxmox?

ProctorU Is Dystopian Spyware
https://github.com/hzqst/VmwareHardenedLoader works for VMware but doesn't work against some modern anti-cheats, but KVM universally works against anti-cheats when configured properly with RTDSC spoofing and such

Looking to run a LOL bot to level up account in a VM
You will need a VM bypass, some bot discords include them separately for a one time fee like Elixrbot which I use but it locks you into VMWare/vSphere, I tried using on a QEMU platform (Proxmox) but I suspect you will need something other than the QEMU display adapters for it to work. I haven't tried them yet but there's some other resources out there like https://github.com/hzqst/VmwareHardenedLoader and https://www.youtube.com/watch?v=oHrcM1ZvH4c&feature=youtu.be

Making a VM look as legit as possible?
Check VmwareHardenedLoader if you are running vmware workstation.
opencanary mentions

- OpenCanary
- What security and monitoring measures do you have in place for your servers?

How to make honeypots.
Thinkst has an open source version of their commercial product called opencanary that is popular and that I also personally vouch for.

How to test my security?
Totally forgot to include the link. https://github.com/thinkst/opencanary

Suggestions for Canary token alternative
At the start it's worth noting that if you deploy Canaries (our paid version of the free version we build at opencanary.org) you get the fidelity of alert you want, i.e. you get to run a fake fileshare with files you want on it. Anytime the file is opened, you get a notification (since you effectively are the host offering the file).

Does anyone have OpenCanary working in a docker container?
Have you tried the Dockerfiles and compose from this repo https://github.com/thinkst/opencanary ?

Selfhosted intrusion detection systems
I set up open canary. Not exactly the same thing obviously but it was pretty easy to set up and confirm working. I hope anyone that gains access tries to connect to it and gives me a notification via email. No guarantees obviously and I'm not an expert so open to feedback how people think about these things.

Canary Honeypot (Updated 2022)
Opencanary Get out https://github.com/thinkst/opencanary for details on this. Run the following for download and installation:

```
sudo apt-get update && sudo apt-get upgrade -y
sudo apt install git -y
sudo apt-get install build-essential libssl-dev libffi-dev python-dev -y
sudo apt-get install python3-pip -y
git clone https://github.com/thinkst/opencanary
cd opencanary
sudo python3 setup.py install
```

Now generate a config file.

```
opencanaryd --copyconfig
```

Now edit the new conf file:

```
vim .opencanary.conf
```

Make sure to keep proper JSON formatting or the OpenCanary service won't start. I used jq to validate that the JSON file is good to go! If there are issues it will help you quickly identify them. If you need more information around using or installing jq please visit https://stedolan.github.io/jq/download/

```json
{
  "device.node_id": "opencanary-1",
  "ip.ignorelist": [ ],
  "git.enabled": false,
  "git.port" : 9418,
  "ftp.enabled": true,
  "ftp.port": 21,
  "ftp.banner": "FTP server ready",
  "http.banner": "Apache/2.2.22 (Ubuntu)",
  "http.enabled": false,
  "http.port": 80,
  "http.skin": "nasLogin",
  "http.skin.list": [
    { "desc": "Plain HTML Login", "name": "basicLogin" },
    { "desc": "Synology NAS Login", "name": "nasLogin" }
  ],
  "httpproxy.enabled" : false,
  "httpproxy.port": 8080,
  "httpproxy.skin": "squid",
  "httproxy.skin.list": [
    { "desc": "Squid", "name": "squid" },
    { "desc": "Microsoft ISA Server Web Proxy", "name": "ms-isa" }
  ],
  "logger": {
    "class": "PyLogger",
    "kwargs": {
      "formatters": {
        "plain": { "format": "%(message)s" },
        "syslog_rfc": { "format": "opencanaryd[%(process)-5s:%(thread)d]: %(name)s %(levelname)-5s %(message)s" }
      },
      "handlers": {
        "console": { "class": "logging.StreamHandler", "stream": "ext://sys.stdout" },
        "file": { "class": "logging.FileHandler", "filename": "/var/tmp/opencanary.log" },
        "syslog-unix": { "class": "logging.handlers.SysLogHandler", "formatter": "syslog_rfc", "address": [ "localhost", 514 ], "socktype": "ext://socket.SOCK_DGRAM" },
        "json-tcp": { "class": "opencanary.logger.SocketJSONHandler", "host": "127.0.0.1", "port": 1514 },
        "SMTP": { "class": "logging.handlers.SMTPHandler", "mailhost": ["smtp.yourserver.com", 25], "fromaddr": "[email protected]", "toaddrs": ["[email protected]"], "subject": "OpenCanary Alert", "credentials": ["youraddress", "SecureStrongpass"], "secure": [] },
        "slack": { "class": "opencanary.logger.SlackHandler", "webhook_url": "https://hooks.slack.com/services/..." },
        "teams": { "class": "opencanary.logger.TeamsHandler", "webhook_url": "https://my-organisation.webhook.office.com/webhookb2/..." }
      }
    }
  },
  "portscan.enabled": false,
  "portscan.logfile": "/var/log/kern.log",
  "portscan.synrate": 5,
  "portscan.nmaposrate": 5,
  "portscan.lorate": 3,
  "smb.auditfile": "/var/log/samba-audit.log",
  "smb.enabled": false,
  "mysql.enabled": false,
  "mysql.port": 3306,
  "mysql.banner": "5.5.43-0ubuntu0.14.04.1",
  "ssh.enabled": false,
  "ssh.port": 22,
  "ssh.version": "SSH-2.0-OpenSSH_5.1p1 Debian-4",
  "redis.enabled": false,
  "redis.port": 6379,
  "rdp.enabled": false,
  "rdp.port": 3389,
  "sip.enabled": false,
  "sip.port": 5060,
  "snmp.enabled": false,
  "snmp.port": 161,
  "ntp.enabled": false,
  "ntp.port": "123",
  "tftp.enabled": false,
  "tftp.port": 69,
  "tcpbanner.maxnum": 10,
  "tcpbanner.enabled": false,
  "tcpbanner_1.enabled": false,
  "tcpbanner_1.port": 8001,
  "tcpbanner_1.datareceivedbanner": "",
  "tcpbanner_1.initbanner": "",
  "tcpbanner_1.alertstring.enabled": false,
  "tcpbanner_1.alertstring": "",
  "tcpbanner_1.keep_alive.enabled": false,
  "tcpbanner_1.keep_alive_secret": "",
  "tcpbanner_1.keep_alive_probes": 11,
  "tcpbanner_1.keep_alive_interval": 300,
  "tcpbanner_1.keep_alive_idle": 300,
  "telnet.enabled": false,
  "telnet.port": "23",
  "telnet.banner": "",
  "telnet.honeycreds": [
    { "username": "admin", "password": "$pbkdf2-sha512$19000$bG1NaY3xvjdGyBlj7N37Xw$dGrmBqqWa1okTCpN3QEmeo9j5DuV2u1EuVFD8Di0GxNiM64To5O/Y66f7UASvnQr8.LCzqTm6awC8Kj/aGKvwA" },
    { "username": "admin", "password": "admin1" }
  ],
  "mssql.enabled": false,
  "mssql.version": "2012",
  "mssql.port": 1433,
  "vnc.enabled": false,
  "vnc.port": 5000
}
```

```
$ . env/bin/activate
$ opencanaryd --start
```

If everything worked you should have some emails or slack messages alerting you to the startup of the services. Over time, depending on what you enabled, you will receive alerts for port scans, or other attempts. Please visit this document which covers in more detail OpenCanary, https://buildmedia.readthedocs.org/media/pdf/opencanary/latest/opencanary.pdf

Slack channel for Opencanary Alerts, set up incoming webhooks. https://slack.com/help/articles/115005265063-Incoming-webhooks-for-Slack
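A config sanity check, added here as an example and not part of the post above or of the OpenCanary project: like the jq step it first confirms the file is valid JSON (the reason opencanaryd refuses to start), then lists which services are enabled and on which port, and flags logger handlers that still carry the default placeholders such as smtp.yourserver.com, since alerts that go nowhere are the usual reason for a silent honeypot. The inline config is a constructed, cut-down version of the one above.

```python
import json

# Constructed sample shaped like .opencanary.conf above; not the project's own file.
SAMPLE_CONF = """
{
  "device.node_id": "opencanary-1",
  "ftp.enabled": true, "ftp.port": 21,
  "ssh.enabled": false, "ssh.port": 22,
  "telnet.enabled": true, "telnet.port": "23",
  "logger": {"class": "PyLogger", "kwargs": {"handlers": {
    "console": {"class": "logging.StreamHandler", "stream": "ext://sys.stdout"},
    "SMTP": {"class": "logging.handlers.SMTPHandler",
             "mailhost": ["smtp.yourserver.com", 25],
             "credentials": ["youraddress", "SecureStrongpass"]}}}}
}
"""

# Strings from the default config that must be replaced before deployment.
PLACEHOLDERS = ("yourserver.com", "youraddress", "SecureStrongpass", "/services/...", "/webhookb2/...")


def check_config(text):
    """Return ({service: port}, [warnings]); raise ValueError on malformed JSON,
    which is the error that keeps opencanaryd from starting at all."""
    try:
        conf = json.loads(text)
    except json.JSONDecodeError as e:
        raise ValueError(f"config is not valid JSON (line {e.lineno}, col {e.colno}): {e.msg}")
    services, warnings = {}, []
    for key, val in conf.items():
        # "<service>.enabled" has exactly one dot; nested flags like
        # "tcpbanner_1.alertstring.enabled" are options, not services.
        if key.count(".") != 1 or not key.endswith(".enabled"):
            continue
        name = key[: -len(".enabled")]
        if not isinstance(val, bool):
            warnings.append(f"{key} must be true/false, got {val!r}")
        elif val:
            try:
                services[name] = int(conf.get(f"{name}.port"))  # default mixes 23 and "23"
            except (TypeError, ValueError):
                warnings.append(f"{name}.port is missing or not numeric")
    if not services:
        warnings.append("no service enabled: the honeypot will never alert")
    handlers = conf.get("logger", {}).get("kwargs", {}).get("handlers", {})
    for hname, handler in handlers.items():
        if any(p in json.dumps(handler) for p in PLACEHOLDERS):
            warnings.append(f"logger handler {hname!r} still holds placeholder values")
    if set(handlers) <= {"console"}:
        warnings.append("only console logging configured: alerts will not reach you")
    return services, warnings
```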
Never Change Your Password
Here's a good and free tip: A unique password breached can be turned around to better know your enemy. Set up a canary honeypot and monitor your environment for it:
See https://github.com/thinkst/opencanary

- Honeypot on pi
What are some alternatives?
pafish - Pafish is a testing tool that uses different techniques to detect virtual machines and malware analysis environments in the same way that malware families do
tpotce - 🍯 T-Pot - The All In One Honeypot Platform 🐝
cuckoo-modified - Modified edition of cuckoo
endlessh - SSH tarpit that slowly sends an endless banner
VBoxHardenedLoader - VirtualBox VM detection mitigation loader
cowrie - Cowrie SSH/Telnet Honeypot https://cowrie.readthedocs.io
al-khaser - Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
pfSense - Main repository for pfSense
ISO-27001-2013-information-technology-security - :closed_lock_with_key: Probably the most boring-but-necessary repo on GitHub. If you care about the security/privacy of your data...! :white_check_mark:
PassFilter - PassFilter is a dll that can be loaded into LSASS to filter passwords which are included in an offline HIBP file.
hibppwdflt - An Windows LSA Password Filter DLL to exclude leaked password from "Have I been Pwned" database (Offline)