sliver icon indicating copy to clipboard operation
sliver copied to clipboard
verified publisher icon BishopFox

Implant: add virtualization detection

Open Tehreem-Iqbal opened this issue 1 month ago • 1 comments

Summary

This PR adds virtualization detection to the implant On startup, during the registration request, the implant now sends a field indicating whether it is running inside a virtual machine

Details

  • Added lightweight virtualization checks
  • Added new field to the registration struct
  • Updated server side to read/store the new field
  • Updated related protobuffs

Why

Operators gain immediate insight into whether the compromised host is virtualized,

Related Issue

Feature #2055

Tehreem-Iqbal avatar Nov 28 '25 22:11 Tehreem-Iqbal

This is cool but i would suggest having an optional parameter in the generate just in case it creates IOC for EDR to pick

Signum21 avatar Dec 09 '25 23:12 Signum21