Info & Guide

<details> <summary>Exam Software</summary>
| Software | Browser Extension | System Test | Bypassed |
|---|---|---|---|
| VMAware | | Link | |
| Pafish | | Link | |
| Al-Khaser | | Link | |
| Safe Exam Browser | | Link | |
| Pearson VUE | | Link | |
| ProctorU | FF Addon or Chrome Addon | | |
| ProctorU: Guardian Browser | | Link | |
| Proctorio | | Link | |
| Examity | | New Platform System Check or Chrome Addon or FF Addon | |
| ExamSoft: Examplify | | ??? | |
| Respondus (LockDown Browser) | | Link & Download | |
| Kryterion | | Link | |
| Honorlock | | Link | |
| Inspera Exam Portal | | Link - Demo Exam Instructions | |
</details> <details> <summary>Anti-Cheat Software</summary>
| Type | Engine | Bypassed | Used By |
|---|---|---|---|
| Anti-Cheat | Anti-Cheat Expert (ACE) | | Primarily Mobile Games |
| Anti-Cheat | BattlEye (BE) | ✅ (With RDTSC VM Force Exit Kernel Patch) | Desktop Games |
| Anti-Cheat | Easy Anti-Cheat (EAC) | | Desktop Games |
| Anti-Cheat | Gepard Shield | ✅ (With RDTSC VM Force Exit Kernel Patch) | |
| Anti-Cheat | Hyperion | | Roblox |
| Anti-Cheat | Mhyprot | | Genshin Impact |
| Anti-Cheat | nProtect GameGuard (NP) | | Desktop Games |
| Anti-Cheat | RICOCHET | | Call of Duty Games |
| Anti-Cheat | Vanguard | ‼️ (1: Incorrect function) | Valorant |
| Encrypt | Enigma Protector | | |
| Encrypt | Safengine Shielden | | |
| Encrypt | Themida | | |
| Encrypt | VMProtect | | |
| Encrypt | VProtect | | |
</details> <details> <summary>Bypassing HDCP</summary>

Bypassing HDCP Visual Graph:


Capture Card Format Support:


Cheapo Bypass Kit:

Elegant Bypass Kit (Recommended):

Equipment

</details> <details> <summary>Virtual Video & Audio</summary>

Bring live video from your smartphone, remote computer, or friends directly into OBS or other studio software.

VB-CABLE Virtual Audio Device

Virtual Display Driver

</details> <details> <summary>VPN + Hypervisor</summary>

Mullvad VPN + QEMU


</details> <details> <summary>Proctoring Functions</summary> <details> <summary>Honorlock</summary>
| Function | Description |
|---|---|
| Record Webcam | Record student's testing environment using webcam |
| Record Screen | Record student's screen during exam |
| Record Web Traffic | Log student's internet activity |
| Room Scan | Record a 360 degree environment scan before the assessment begins |
| Disable Copy/Paste | Block clipboard actions |
| Disable Printing | Block printing exam content |
| Browser Guard | Limit browser activity to exam content and allowed site URLs only |
| Allowed Site URLs | Allow access to specific websites during an exam session |
| Student Photo | Capture student photo before the assessment begins |
| Student ID | Capture ID photo before the assessment begins |
</details> <details> <summary>Proctorio</summary>
| Recording Settings | Verification Settings | Lock Down Settings |
|---|---|---|
| Record Video | Verify Video | Force Full Screen |
| Record Audio | Verify Audio | Only One Screen |
| Record Screen | Verify Identity | Disable New Tabs |
| Record Web Traffic | Verify Desktop | Close Open Tabs |
| Record Desk | Verify Signature | Disable Printing |
| | | Disable Clipboard |
| | | Clear Cache |
| | | Disable Right Click |
| | | Prevent Re-Entry |
</details> <details> <summary>Pearson VUE</summary>

BrowserLock

https://securedelivery-hs-prd-1.pearsonvue.com/SecureDeliveryService
%APPDATA%\OnVUE\BrowserLock.exe
%LOCALAPPDATA%\BrowserLock\log
# Obtains NetConnectionID
wmic nic where "NetConnectionStatus = 2" get NetConnectionID /value

# Obtains USB FriendlyName
powershell.exe Get-PnpDevice -PresentOnly | Where-Object { $_.InstanceId -match '^USB' }

# Obtains Display/Monitor FriendlyName
powershell.exe -Command "Get-WmiObject -Namespace 'root\WMI' -Class 'WMIMonitorID' | ForEach-Object -Process { if($_.UserFriendlyName) { ([System.Text.Encoding]::ASCII.GetString($_.UserFriendlyName)).Replace('$([char]0x0000)','') } }"

# Obtains running processes
powershell.exe /c Get-CimInstance -className win32_process | select Name,ProcessId,ParentProcessId,CommandLine,ExecutablePath

# Obtains MachineGUID
powershell (Get-ItemProperty registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\ -Name MachineGuid).MachineGUID

# Obtains system hostname
C:\Windows\system32\cmd.exe /c hostname
# LOG:
XXXX-XX-XX XX:XX:XX.XXX-XXXX [BROWSER LOCK] [INFO] VM Allowed flag value from forensics is vmAllowedForensic=false
XXXX-XX-XX XX:XX:XX.XXX-XXXX [BROWSER LOCK] [INFO] Multiple Monitor Allowed flag value from forensics is multiMonitorAllowedForensic=false
XXXX-XX-XX XX:XX:XX.XXX-XXXX [BROWSER LOCK] [INFO] VPN Allowed flag value from forensics is vpnAllowedForensic=true
XXXX-XX-XX XX:XX:XX.XXX-XXXX [BROWSER LOCK] [INFO] Shutdown file monitor started
XXXX-XX-XX XX:XX:XX.XXX-XXXX [BROWSER LOCK] [INFO] VM configuration received from SDS will be applied for validation
XXXX-XX-XX XX:XX:XX.XXX-XXXX [BROWSER LOCK] [INFO] VM detection value is: vmDetectConfig=true
XXXX-XX-XX XX:XX:XX.XXX-XXXX [BROWSER LOCK] [INFO] Multiple monitor configuration received from SDS will be applied for validation
XXXX-XX-XX XX:XX:XX.XXX-XXXX [BROWSER LOCK] [INFO] Multiple monitor detection value is: multipleMonitorDetectConfig=true
XXXX-XX-XX XX:XX:XX.XXX-XXXX [BROWSER LOCK] [INFO] VPN configuration received from forensics will be applied for validation
XXXX-XX-XX XX:XX:XX.XXX-XXXX [BROWSER LOCK] [INFO] VPN detection value is: vpnDetectConfig=false
XXXX-XX-XX XX:XX:XX.XXX-XXXX [BROWSER LOCK] [INFO] USB mass storage detection value is: usbDetectConfig=false
XXXX-XX-XX XX:XX:XX.XXX-XXXX [BROWSER LOCK] [INFO] Minimum browserlock version required: 2304 
XXXX-XX-XX XX:XX:XX.XXX-XXXX [BROWSER LOCK] [INFO] Current browserlock version: 2402.1.1 
XXXX-XX-XX XX:XX:XX.XXX-XXXX [BROWSER LOCK] [INFO] Check if Browserlock running on VM: {DMI type 1 (System Information) - Product Name}, {DMI type 2 (Base Board Information) - Serial Number}, runningOnVM=false
XXXX-XX-XX XX:XX:XX.XXX-XXXX [BROWSER LOCK] [INFO] VM check: diskSize=499 GB
XXXX-XX-XX XX:XX:XX.XXX-XXXX [BROWSER LOCK] [INFO] Browserlock is not running on virtual machine
XXXX-XX-XX XX:XX:XX.XXX-XXXX [BROWSER LOCK] [INFO] Display HDCP supported check: hdcpSupported=true
XXXX-XX-XX XX:XX:XX.XXX-XXXX [BROWSER LOCK] [INFO] Number of display devices connected: AWT=1, Physical=1, Physical/Virtual=1, Duplicate=1

# BrowserLock Boolean Variables
- hdcpSupported
- multiMonitorAllowedForensic
- multipleMonitorDetectConfig
- runningOnVM
- usbDetectConfig
- vmAllowedForensic
- vmDetectConfig
- vpnAllowedForensic
- vpnDetectConfig
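As an added example (not from the original page and not Pearson VUE code), a Python parser for log lines in the format above: it collects the key=value flags listed here plus the two version lines, so someone reviewing a candidate's BrowserLock log can see which checks the exam policy enabled and what the runtime checks reported. The pairing of each *DetectConfig switch with its *AllowedForensic override is an assumption, and the sample lines are constructed from the redacted excerpt with invented timestamps.

```python
import re
from typing import Dict, Optional, Tuple, Union

# key=value pairs as BrowserLock writes them: "runningOnVM=false",
# "diskSize=499 GB", "AWT=1" (true/false, an integer, or a number plus unit).
_KV_RE = re.compile(r"(?P<key>[A-Za-z]\w*)=(?P<val>true|false|\d+(?: [A-Za-z]+)?)")
# The two version lines are not key=value and get their own pattern.
_VERSION_RE = re.compile(r"(?P<which>Minimum|Current) browserlock version(?: required)?: (?P<ver>[\d.]+)")

# Constructed sample: the redacted excerpt from this page with invented timestamps.
SAMPLE_LOG = """\
2024-01-01 00:00:00.000-0000 [BROWSER LOCK] [INFO] VM Allowed flag value from forensics is vmAllowedForensic=false
2024-01-01 00:00:00.001-0000 [BROWSER LOCK] [INFO] Multiple Monitor Allowed flag value from forensics is multiMonitorAllowedForensic=false
2024-01-01 00:00:00.002-0000 [BROWSER LOCK] [INFO] VPN Allowed flag value from forensics is vpnAllowedForensic=true
2024-01-01 00:00:00.003-0000 [BROWSER LOCK] [INFO] VM detection value is: vmDetectConfig=true
2024-01-01 00:00:00.004-0000 [BROWSER LOCK] [INFO] Multiple monitor detection value is: multipleMonitorDetectConfig=true
2024-01-01 00:00:00.005-0000 [BROWSER LOCK] [INFO] VPN detection value is: vpnDetectConfig=false
2024-01-01 00:00:00.006-0000 [BROWSER LOCK] [INFO] USB mass storage detection value is: usbDetectConfig=false
2024-01-01 00:00:00.007-0000 [BROWSER LOCK] [INFO] Minimum browserlock version required: 2304
2024-01-01 00:00:00.008-0000 [BROWSER LOCK] [INFO] Current browserlock version: 2402.1.1
2024-01-01 00:00:00.009-0000 [BROWSER LOCK] [INFO] Check if Browserlock running on VM: {DMI type 1 (System Information) - Product Name}, {DMI type 2 (Base Board Information) - Serial Number}, runningOnVM=false
2024-01-01 00:00:00.010-0000 [BROWSER LOCK] [INFO] VM check: diskSize=499 GB
2024-01-01 00:00:00.011-0000 [BROWSER LOCK] [INFO] Display HDCP supported check: hdcpSupported=true
2024-01-01 00:00:00.012-0000 [BROWSER LOCK] [INFO] Number of display devices connected: AWT=1, Physical=1, Physical/Virtual=1, Duplicate=1
"""

# ASSUMPTION (not stated on the page): each *DetectConfig switch pairs with the
# *AllowedForensic override of the same check, and a check is active only when
# detection is configured on and the override does not allow the condition.
# Note the naming mismatch multipleMonitorDetectConfig / multiMonitorAllowedForensic.
CHECKS = {
    "vm": ("vmDetectConfig", "vmAllowedForensic"),
    "multiple_monitor": ("multipleMonitorDetectConfig", "multiMonitorAllowedForensic"),
    "vpn": ("vpnDetectConfig", "vpnAllowedForensic"),
    "usb_mass_storage": ("usbDetectConfig", None),  # no forensic override is logged
}


def parse_flags(log_text: str) -> Dict[str, Union[bool, int, str]]:
    """Collect every key=value flag from [BROWSER LOCK] lines (a repeated key keeps its last value)."""
    flags: Dict[str, Union[bool, int, str]] = {}
    for line in log_text.splitlines():
        if "[BROWSER LOCK]" not in line:
            continue  # lines from other components are ignored
        for m in _KV_RE.finditer(line):
            val = m.group("val")
            if val in ("true", "false"):
                flags[m.group("key")] = val == "true"
            else:  # plain integers become int, values with a unit ("499 GB") stay strings
                flags[m.group("key")] = int(val) if val.isdigit() else val
    return flags


def parse_versions(log_text: str) -> Dict[str, Tuple[int, ...]]:
    """Return e.g. {'Minimum': (2304,), 'Current': (2402, 1, 1)} from the version lines."""
    return {
        m.group("which"): tuple(int(p) for p in m.group("ver").split("."))
        for m in _VERSION_RE.finditer(log_text)
    }


def version_meets_minimum(log_text: str) -> Optional[bool]:
    """True when the running build is at or above the required one; None if a line is missing.
    Tuple comparison handles (2304,) against (2402, 1, 1)."""
    v = parse_versions(log_text)
    if "Minimum" not in v or "Current" not in v:
        return None
    return v["Current"] >= v["Minimum"]


def active_checks(flags: Dict[str, Union[bool, int, str]]) -> Dict[str, bool]:
    """Map each check name to whether it is active under the assumption above."""
    result: Dict[str, bool] = {}
    for name, (detect_key, allowed_key) in CHECKS.items():
        detect_on = flags.get(detect_key) is True
        allowed = allowed_key is not None and flags.get(allowed_key) is True
        result[name] = detect_on and not allowed
    return result


if __name__ == "__main__":
    f = parse_flags(SAMPLE_LOG)
    print("active checks:", active_checks(f))
    print("runningOnVM:", f.get("runningOnVM"), "hdcpSupported:", f.get("hdcpSupported"))
    print("version ok:", version_meets_minimum(SAMPLE_LOG))
```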


</details> </details> <details> <summary>Hypervisor Setup Guide</summary> <details> <summary>VirtualBox</summary>

Virtual Box - VBoxManage Tool Location:

Linux: /usr/bin/VBoxManage
Mac OS X: /Applications/VirtualBox.app/Contents/MacOS/VBoxManage
Oracle Solaris: /opt/VirtualBox/bin/VBoxManage
Windows: C:\Program Files\Oracle\VirtualBox\VBoxManage.exe

Run these scripts:

ExecutionPolicy Modifier:

Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force

Building a Custom Version

Dependencies

sudo apt update && sudo apt upgrade -y && sudo apt autoremove -y && sudo apt install -y acpica-tools chrpath doxygen g++-multilib libasound2-dev libcap-dev libcurl4-openssl-dev libdevmapper-dev libidl-dev libopus-dev libpam0g-dev libpulse-dev libqt5opengl5-dev libqt5x11extras5-dev qttools5-dev libsdl1.2-dev libsdl-ttf2.0-dev libssl-dev libvpx-dev libxcursor-dev libxinerama-dev libxml2-dev libxml2-utils libxmu-dev libxrandr-dev make nasm python3-dev python-dev qttools5-dev-tools texlive texlive-fonts-extra texlive-latex-extra unzip xsltproc default-jdk libstdc++5 libxslt1-dev linux-kernel-headers makeself mesa-common-dev subversion yasm zlib1g-dev glslang-tools ia32-libs libc6-dev-i386 lib32gcc1 lib32stdc++6

Building VirtualBox

./configure --disable-hardening && source ./env.sh && kmk all
</details> <details> <summary>VMware</summary>

VMware PRO License Key:

MC60H-DWHD5-H80U9-6V85M-8280D

Patching BIOS ROM

  1. Locate file BIOS.440.ROM within %PROGRAMFILES(X86)%\VMware\VMware Workstation\x64.
  2. Utilize Phoenix BIOS Editor to modify compromising DMI Strings, like VMware or Virtual Platform.
  3. Once completed, go to File then Build BIOS and save the patched BIOS somewhere. Don't overwrite the original file!
  4. Now within the *.vmx config file, make sure to add the new patched BIOS location for the bios440.filename argument line.

Set Custom CPUID (optional)


Add the following into your *.vmx

bios440.filename = "C:\<path_to_your_bios_file>\BIOS.440.PATCH.ROM"
hypervisor.cpuid.v0 = "FALSE"
smbios.reflectHost = "TRUE"
ethernet0.address = "00:C0:CA:A7:2B:9E"
isolation.tools.getPtrLocation.disable = "TRUE"
isolation.tools.setPtrLocation.disable = "TRUE"
isolation.tools.setVersion.disable = "TRUE"
isolation.tools.getVersion.disable = "TRUE"
monitor_control.restrict_backdoor = "TRUE"
monitor_control.virtual_rdtsc = "FALSE"

IMPORTANT

Run these scripts:

ExecutionPolicy Modifier:

Set-ExecutionPolicy -ExecutionPolicy Bypass -Scope Process -Force
</details> <details> <summary>QEMU/KVM & PCIe Passthru</summary> <details> <summary>QEMU/KVM Guide</summary>

Make sure to install curl

Arch - sudo pacman -S --noconfirm curl
Debian - sudo apt install -y curl
Fedora - sudo dnf install -y curl

1. Required Virtualization Packages

Arch

sudo pacman -S --noconfirm qemu-base edk2-ovmf libvirt dnsmasq virt-manager

Debian

sudo apt -y install qemu-system-x86 ovmf virt-manager libvirt-clients libvirt-daemon-system libvirt-daemon-config-network

Fedora

sudo dnf -yq install @virtualization

2. Enabling libvirt

Configuring Libvirt

libvirtd_conf='/etc/libvirt/libvirtd.conf'
sudo sed -i '/unix_sock_group/s/^#//g' "$libvirtd_conf"
sudo sed -i '/unix_sock_rw_perms/s/^#//g' "$libvirtd_conf"

qemu_conf='/etc/libvirt/qemu.conf'
sudo sed -i "s/#user = \"root\"/user = \"$(whoami)\"/" "$qemu_conf"
sudo sed -i "s/#group = \"root\"/group = \"$(whoami)\"/" "$qemu_conf"

Setting up QEMU/KVM driver

sudo usermod -aG kvm,libvirt "$(whoami)"
sudo systemctl enable --now libvirtd.socket
sudo virsh net-autostart default

3. Dependencies

Arch

sudo pacman -S --noconfirm base-devel glib2 ninja python-sphinx python-sphinx_rtd_theme python-packaging dmidecode libusb

Debian

sudo apt -y install build-essential libglib2.0-dev libfdt-dev libpixman-1-dev zlib1g-dev ninja-build python3-venv libusb-1.0-0-dev

Fedora

sudo dnf -yq install glib2-devel libfdt-devel pixman-devel zlib-devel bzip2 ninja-build python3 libusb1-devel

4. Setting up QEMU

Download & Extract QEMU

cd $HOME/Downloads
curl -sSO "https://download.qemu.org/qemu-8.2.6.tar.xz"
tar xJf "qemu-8.2.6.tar.xz" && cd "qemu-8.2.6"

Download & Apply Custom Patch for QEMU

curl -sSO "https://raw.githubusercontent.com/Scrut1ny/Hypervisor-Phantom/main/v8.2.6.patch"
patch -fsp1 < "v8.2.6.patch"

Spoofing hardcoded USB Serial Numbers

find "$(pwd)/hw/usb" -type f -exec grep -lE '\[(STR|STRING)_SERIALNUMBER\]' {} + | while IFS= read -r file; do
    # Generate a new random serial number
    NEW_SERIAL=$(head /dev/urandom | tr -dc 'A-Z0-9' | head -c 10)

    # Replace all serial number strings in the files
    sed -i -E "s/(\[(STR|STRING)_SERIALNUMBER\] *= *\")[^\"]*/\1${NEW_SERIAL}/" "$file"

    # Print the modification information
    echo -e "\e[32m  Modified:\e[0m '$file' with new serial: \e[32m$NEW_SERIAL\e[0m"
done

Spoofing Drive Model & Serial Numbers

# Define the core file path
core_file="$(pwd)/hw/ide/core.c"

# Generate a new random serial number
NEW_SERIAL=$(head /dev/urandom | tr -dc 'A-Z0-9' | head -c 15)

# Arrays of model strings
IDE_CD_MODELS=(
    "HL-DT-ST BD-RE WH16NS60"
    "HL-DT-ST DVDRAM GH24NSC0"
    "HL-DT-ST BD-RE BH16NS40"
    "HL-DT-ST DVD+-RW GT80N"
    "HL-DT-ST DVD-RAM GH22NS30"
    "HL-DT-ST DVD+RW GCA-4040N"
    "Pioneer BDR-XD07B"
    "Pioneer DVR-221LBK"
    "Pioneer BDR-209DBK"
    "Pioneer DVR-S21WBK"
    "Pioneer BDR-XD05B"
    "ASUS BW-16D1HT"
    "ASUS DRW-24B1ST"
    "ASUS SDRW-08D2S-U"
    "ASUS BC-12D2HT"
    "ASUS SBW-06D2X-U"
    "Samsung SH-224FB"
    "Samsung SE-506BB"
    "Samsung SH-B123L"
    "Samsung SE-208GB"
    "Samsung SN-208DB"
    "Sony NEC Optiarc AD-5280S"
    "Sony DRU-870S"
    "Sony BWU-500S"
    "Sony NEC Optiarc AD-7261S"
    "Sony AD-7200S"
    "Lite-On iHAS124-14"
    "Lite-On iHBS112-04"
    "Lite-On eTAU108"
    "Lite-On iHAS324-17"
    "Lite-On eBAU108"
    "HP DVD1260i"
    "HP DVD640"
    "HP BD-RE BH30L"
    "HP DVD Writer 300n"
    "HP DVD Writer 1265i"
)

IDE_CFATA_MODELS=(
    "SanDisk Ultra microSDXC UHS-I"
    "SanDisk Extreme microSDXC UHS-I"
    "SanDisk High Endurance microSDXC"
    "SanDisk Industrial microSD"
    "SanDisk Mobile Ultra microSDHC"
    "Samsung EVO Select microSDXC"
    "Samsung PRO Endurance microSDHC"
    "Samsung PRO Plus microSDXC"
    "Samsung EVO Plus microSDXC"
    "Samsung PRO Ultimate microSDHC"
    "Kingston Canvas React Plus microSD"
    "Kingston Canvas Go! Plus microSD"
    "Kingston Canvas Select Plus microSD"
    "Kingston Industrial microSD"
    "Kingston Endurance microSD"
    "Lexar Professional 1066x microSDXC"
    "Lexar High-Performance 633x microSDHC"
    "Lexar PLAY microSDXC"
    "Lexar Endurance microSD"
    "Lexar Professional 1000x microSDHC"
    "PNY Elite-X microSD"
    "PNY PRO Elite microSD"
    "PNY High Performance microSD"
    "PNY Turbo Performance microSD"
    "PNY Premier-X microSD"
    "Transcend High Endurance microSDXC"
    "Transcend Ultimate microSDXC"
    "Transcend Industrial Temp microSD"
    "Transcend Premium microSDHC"
    "Transcend Superior microSD"
    "ADATA Premier Pro microSDXC"
    "ADATA XPG microSDXC"
    "ADATA High Endurance microSDXC"
    "ADATA Premier microSDHC"
    "ADATA Industrial microSD"
    "Toshiba Exceria Pro microSDXC"
    "Toshiba Exceria microSDHC"
    "Toshiba M203 microSD"
    "Toshiba N203 microSD"
    "Toshiba High Endurance microSD"
)

DEFAULT_MODELS=(
    "Samsung SSD 970 EVO 1TB"
    "Samsung SSD 860 QVO 1TB"
    "Samsung SSD 850 PRO 1TB"
    "Samsung SSD T7 Touch 1TB"
    "Samsung SSD 840 EVO 1TB"
    "WD Blue SN570 NVMe SSD 1TB"
    "WD Black SN850 NVMe SSD 1TB"
    "WD Green 1TB SSD"
    "WD My Passport SSD 1TB"
    "WD Blue 3D NAND 1TB SSD"
    "Seagate BarraCuda SSD 1TB"
    "Seagate FireCuda 520 SSD 1TB"
    "Seagate One Touch SSD 1TB"
    "Seagate IronWolf 110 SSD 1TB"
    "Seagate Fast SSD 1TB"
    "Crucial MX500 1TB 3D NAND SSD"
    "Crucial P5 Plus NVMe SSD 1TB"
    "Crucial BX500 1TB 3D NAND SSD"
    "Crucial X8 Portable SSD 1TB"
    "Crucial P3 1TB PCIe 3.0 3D NAND NVMe SSD"
    "Kingston A2000 NVMe SSD 1TB"
    "Kingston KC2500 NVMe SSD 1TB"
    "Kingston A400 SSD 1TB"
    "Kingston HyperX Savage SSD 1TB"
    "Kingston DataTraveler Vault Privacy 3.0 1TB"
    "SanDisk Ultra 3D NAND SSD 1TB"
    "SanDisk Extreme Portable SSD V2 1TB"
    "SanDisk SSD PLUS 1TB"
    "SanDisk Ultra 3D 1TB NAND SSD"
    "SanDisk Extreme Pro 1TB NVMe SSD"
)

# Function to get a random element from an array
get_random_element() {
    local array=("$@")
    echo "${array[RANDOM % ${#array[@]}]}"
}

# Select random models
NEW_IDE_CD_MODEL=$(get_random_element "${IDE_CD_MODELS[@]}")
NEW_IDE_CFATA_MODEL=$(get_random_element "${IDE_CFATA_MODELS[@]}")
NEW_DEFAULT_MODEL=$(get_random_element "${DEFAULT_MODELS[@]}")

# Replace the "QM" string with the new serial number in core.c
sed -i -E "s/\"[^\"]*%05d\", s->drive_serial\);/\"$NEW_SERIAL%05d\", s->drive_serial\);/" "$core_file"

# Spoof the IDE_CD drive model string
sed -i -E "s/\"HL-DT-ST BD-RE WH16NS60\"/\"$NEW_IDE_CD_MODEL\"/" "$core_file"

# Spoof the IDE_CFATA drive model string
sed -i -E "s/\"MicroSD J45S9\"/\"$NEW_IDE_CFATA_MODEL\"/" "$core_file"

# Spoof the default drive model string
sed -i -E "s/\"Samsung SSD 980 500GB\"/\"$NEW_DEFAULT_MODEL\"/" "$core_file"

# Print the modification information
echo -e "\e[32m  Modified:\e[0m '$core_file' with new serial: \e[32m$NEW_SERIAL\e[0m"
echo -e "\e[32m  Modified:\e[0m '$core_file' with new IDE_CD model: \e[32m$NEW_IDE_CD_MODEL\e[0m"
echo -e "\e[32m  Modified:\e[0m '$core_file' with new IDE_CFATA model: \e[32m$NEW_IDE_CFATA_MODEL\e[0m"
echo -e "\e[32m  Modified:\e[0m '$core_file' with new default model: \e[32m$NEW_DEFAULT_MODEL\e[0m"

Spoofing ACPI Table Strings

# Array of ACPI Pairs
pairs=(
    'DELL  ' 'Dell Inc' # Dell
    'ALASKA' 'A M I '   # AMD
    'INTEL ' 'U Rvp   ' # Intel
    ' ASUS ' 'Notebook' # Asus
    'MSI NB' 'MEGABOOK' # MSI
    'LENOVO' 'TC-O5Z  ' # Lenovo
    'LENOVO' 'CB-01   ' # Lenovo
    'SECCSD' 'LH43STAR' # ???
    'LGE   ' 'ICL     ' # LG
)

# Generate a random index to select a pair
total_pairs=$((${#pairs[@]} / 2))
random_index=$((RANDOM % total_pairs * 2))

# Extract the randomly selected pair
appname6=${pairs[$random_index]}
appname8=${pairs[$random_index + 1]}

# Replace the "BOCHS" "BXPC" strings in aml-build.h
file="$(pwd)/include/hw/acpi/aml-build.h"
sed -i "s/^#define ACPI_BUILD_APPNAME6 \".*\"/#define ACPI_BUILD_APPNAME6 \"$appname6\"/" "$file"
sed -i "s/^#define ACPI_BUILD_APPNAME8 \".*\"/#define ACPI_BUILD_APPNAME8 \"$appname8\"/" "$file"

# Print the modifications
echo -e "\e[32m  Modified:\e[0m '$file' with new values:"
echo -e "  \e[32m#define ACPI_BUILD_APPNAME6 \"$appname6\"\e[0m"
echo -e "  \e[32m#define ACPI_BUILD_APPNAME8 \"$appname8\"\e[0m"

Spoofing CPUID Manufacturer Signature Strings

# Define the file path
kvm_file="$(pwd)/target/i386/kvm/kvm.c"

# Obtain the CPU Vendor ID
vendor_id=$(lscpu | awk -F': +' '/Vendor ID/ {print $2}')

# Replace the signature strings in kvm.c
sed -i -E "s/(memcpy\(signature, \")[^\"]*(\", 12\);)/\1$vendor_id\2/" "$kvm_file"

# Print the modification information
echo -e "\e[32m  Modified:\e[0m '$kvm_file' with new signature: \e[32m$vendor_id\e[0m"

Spoofing CPUID Manufacturer Model Name Strings

# Define the file path
q35_file="$(pwd)/hw/i386/pc_q35.c"

# Obtain the host CPU manufacturer string from the SMBIOS processor table (type 4)
manufacturer=$(sudo dmidecode -t 4 | grep 'Manufacturer:' | awk -F': +' '{print $2}')

# Replace the Manufacturer string in pc_q35.c
sed -i "s/smbios_set_defaults(\"[^\"]*\",/smbios_set_defaults(\"$manufacturer\",/" "$q35_file"

# Print the modification information
echo -e "\e[32m  Modified:\e[0m '$q35_file' with new manufacturer: \e[32m$manufacturer\e[0m"

5. Building & Installing QEMU

./configure --target-list=x86_64-softmmu --enable-libusb --disable-werror
sudo make install -j"$(nproc)"

6. Clean up (Optional)

cd .. && sudo rm -rf "qemu-8.2.6" "qemu-8.2.6.tar.xz"
</details> <details> <summary>PCIe Passthru Guide</summary>

Online PCIe Passthrough Guides

1. Make sure to enable the following in the host UEFI/BIOS

| AMD CPU | Intel CPU |
|---|---|
| IOMMU | VT-D |
| NX | VT-X |
| SVM | |

Requirements

LC_ALL=C lscpu | grep Virtualization && egrep -c '(vmx|svm)' /proc/cpuinfo
lspci -nn | grep "NVIDIA"

or

#!/bin/bash
shopt -s nullglob
for g in /sys/kernel/iommu_groups/*; do
    echo "IOMMU Group ${g##*/}:"
    for d in $g/devices/*; do
        echo -e "\t$(lspci -nns ${d##*/})"
    done;
done;

Modify grub.cfg

sudo nano /etc/default/grub


Update grub.cfg & reboot

sudo update-grub && sudo reboot now

Modify vfio.conf (isolate GPU)

sudo nano /etc/modprobe.d/vfio.conf


Update initramfs

sudo update-initramfs -c -k $(uname -r) && sudo reboot now

Check the kernel driver in use for the isolated GPU (should be vfio-pci)

lspci -k | grep -E "vfio-pci|NVIDIA"
</details> <details> <summary>VMM Guide</summary>

Virtual Machine Manager Guide

  1. Create a new virtual machine
  2. Local install media (ISO image or CDROM)
  3. Select a Windows ISO and enter the OS you're using
  4. Set a realistic amount of RAM (make sure it's half of the full amount)

     | GB | MBs |
     |---|---|
     | 8 | 8192 |
     | 16 | 16384 |
     | 32 | 32768 |

  5. Set 1 less than the maximum number of CPUs available
  6. Set a virtual disk size above 250GB
  7. Select "Customize configuration before install" and finish
  8. Select UEFI x86_64:/usr/share/OVMF/OVMF_CODE_4M.ms.fd for the Firmware, then apply
     8a. If you want to use Windows 11 you need to use UEFI x86_64:/usr/share/qemu/edk2-x86_64-secure-code.fd instead
  9. Under CPUs, check Copy host CPU configuration (host-passthrough)
     9a. Drop down Topology, check Manually set CPU topology, input whatever works with your system, then apply

     | Sockets | Cores | Threads |
     |---|---|---|
     | 1 | X | X |

  10. Under Boot Options check SATA CDROM 1, then apply
  11. Under SATA Disk 1 and SATA CDROM 1 drop down Advanced options and set a random custom serial #, then apply
  12. Under NIC:XX:XX:XX select the drop down menu and pick hypervisor default
      12a. Set a custom MAC address (make sure the vendor isn't a hypervisor vendor!), then apply
  13. Select Add Hardware and under PCI Host Device add ALL devices under the isolated GPU IOMMU group you figured out earlier
  14. Now select Begin Installation, and enjoy your new undetectable windows system!

QEMU XML Config

<domain xmlns:qemu="http://libvirt.org/schemas/domain/qemu/1.0" type="kvm">
   <!-- You should keep the RAM amount at a realistic value: 16, 12, 8, 6, 4 GiB are all more or less common -->
  <memory unit="G">12</memory>
  <currentMemory unit="G">12</currentMemory>
  <!-- ... -->

  <os>
    <smbios mode="host"/>
  </os>

  <features>
    <acpi/>
    <apic/>
    <!-- set mode to "passthrough" if you use nested-virtualization to protect against timing attacks -->
    <hyperv mode="custom">
      <relaxed state="on"/>
      <vapic state="on"/>
      <spinlocks state="on" retries="8191"/>
      <vpindex state="on"/>
      <runtime state="on"/>
      <synic state="on"/>
      <stimer state="on"/>
      <reset state="on"/>
      <vendor_id state="on" value=""/>
      <frequencies state="on"/>
    </hyperv>
    <kvm>
      <hidden state="on"/>
    </kvm>
    <vmport state="off"/>
  </features>

  <cpu mode="host-passthrough" check="none">
    <topology sockets="1" dies="1" cores="8" threads="2"/>
    <cache mode="passthrough"/>
    <feature policy="disable" name="hypervisor"/>
    <feature policy="require" name="invtsc"/>
    <feature policy="require" name="topoext"/>
    <feature policy="require" name="svm"/> <!-- If you use Intel CPU, change "svm" to "vmx" -->
  </cpu>

  <clock offset="localtime">
    <timer name="tsc" present="yes" mode="native"/>
    <timer name="hypervclock" present="yes"/>
  </clock>

  <!-- Emulates suspend functionality present on real hardware -->
  <pm>
    <suspend-to-mem enabled="yes"/>
    <suspend-to-disk enabled="yes"/>
  </pm>

  <devices>
    <!-- You can compile QEMU multiple times with different patches
      as long as you point libvirt to the correct one -->
    <emulator>/root/spoofed/qemu-system-x86_64</emulator>
    <!-- If you have a second drive and a little bit of luck,
     you could pass through the SATA/NVMe controller and have better performance than VirtIO + stay hidden -->
    <disk type="file" device="disk"> <!-- Use block devices (partitions) for better performance -->
      <driver name="qemu" type="raw" cache="none" io="native" discard="unmap"/> <!-- use io="threads" in block mode: https://events19.lfasiallc.com/wp-content/uploads/2017/11/Storage-Performance-Tuning-for-FAST-Virtual-Machines_Fam-Zheng.pdf -->
      <source file="/var/lib/libvirt/images/win10.img"/>
      <!-- Use SATA to avoid using the VirtIO driver -->
      <target dev="sda" bus="sata"/>
      <!-- Set a custom serial for every VM -->
      <serial>590347474223828</serial>
      <boot order="1"/>
      <address type="drive" controller="0" bus="0" target="0" unit="0"/>
    </disk>

    <interface type="network">
      <!-- Set a custom MAC address for every VM -->
      <mac address="f0:bc:8e:cd:6e:ec"/>
      <source network="default"/>
      <!-- Again, don't use VirtIO -->
      <model type="e1000e"/>
      <address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
    </interface>

    <!-- TPM in passthrough mode is the most well hidden option for Windows 11 -->
    <tpm model="tpm-tis">
      <backend type="passthrough">
        <device path="/dev/tpm0"/>
      </backend>
    </tpm>

    <!-- Other devices -->

    <memballoon model="none"/>
  </devices>

  <qemu:commandline>
    <qemu:arg value="-smbios"/>
    <!-- Replace with your output of `# dmidecode -t 17` -->
    <qemu:arg value="type=17,manufacturer=KINGSTON,loc_pfx=DDR4,speed=3200,serial=XXXXXX,part=XXXX"/>
  </qemu:commandline>
  <qemu:override>
    <qemu:device alias="sata0-0-0">
      <qemu:frontend>
        <qemu:property name="rotation_rate" type="unsigned" value="1"/>
      </qemu:frontend>
    </qemu:device>
  </qemu:override>
</domain>
</details> <details> <summary>Looking Glass Guide</summary>

Looking Glass Setup Guide

Add this to your .XML file in the devices section:

    <shmem name='looking-glass'>
      <model type='ivshmem-plain'/>
      <size unit='M'>32</size>
    </shmem>


Dependencies

sudo apt update && sudo apt upgrade -y && sudo apt autoremove -y && sudo apt install -y binutils-dev cmake fonts-dejavu-core libfontconfig-dev gcc g++ pkg-config libegl-dev libgl-dev libgles-dev libspice-protocol-dev nettle-dev libx11-dev libxcursor-dev libxi-dev libxinerama-dev libxpresent-dev libxss-dev libxkbcommon-dev libwayland-dev wayland-protocols libpipewire-0.3-dev libpulse-dev libsamplerate0-dev

Create a new file

sudo nano /etc/tmpfiles.d/10-looking-glass.conf
# Type Path               Mode UID  GID Age Argument

f /dev/shm/looking-glass 0660 user kvm -

Granting Permissions

touch /dev/shm/looking-glass && chown $USER:kvm /dev/shm/looking-glass && chmod 660 /dev/shm/looking-glass

Download/Build/Install LookingGlass

curl -sSL https://looking-glass.io/artifact/stable/source -o latest.tar.gz && tar -zxvf latest.tar.gz && rm -rf latest.tar.gz

cd looking-glass-* && mkdir client/build && cd client/build && cmake ../ && make && sudo make install

./looking-glass-client

Testing it out...

</details> </details> </details> </details> <details> <summary>Important Tips</summary> </details> <details> <summary>Useful Software</summary> </details>

References & Help

<details> <summary>General</summary> </details> <details> <summary>VirtualBox</summary> </details> <details> <summary>VMware</summary> </details> <details> <summary>QEMU</summary> </details>

Common Error Solutions

<details> <summary>Unable to complete install: 'internal error: cannot load AppArmor profile '{UUID}''</summary>
#       security_driver = [ "selinux", "apparmor" ]
#security_driver = "selinux"
security_driver = "none"
systemctl restart libvirtd.service
</details> <details> <summary>NVIDIA Error 43</summary>
<vendor_id state="on" value="AuthenticAMD"/>
</details> <details> <summary>Error starting domain: internal error: qemu unexpectedly closed the monitor:</summary>
Error starting domain: internal error: qemu unexpectedly closed the monitor: 2021-08-02T17:52:25.005284Z qemu-system-x86_64: backing store size 0x2000000 does not match ‘size’ option 0x4000000

Step 1:

rm /dev/shm/looking-glass

Step 2:

    <shmem name="looking-glass">
      <model type="ivshmem-plain"/>
      <size unit="M">128</size>
      <address type="pci" domain="0x0000" bus="0x10" slot="0x01" function="0x0"/>
    </shmem>

Step 3:

touch /dev/shm/looking-glass && sudo chown $USER:kvm /dev/shm/looking-glass && chmod 660 /dev/shm/looking-glass
</details> <details> <summary>Elgato Capture Card - OBS Black Screen</summary>

Step 1:

Download & Install the latest 4K CAPTURE UTILITY software from Elgato downloads page

Step 2:

Open Elgato 4K Capture Utility software and let the software initialize the UVC device and firmware.

Step 3:

Now select the settings icon on the top right of the software utility, and select Check for Updates.... (It should do it automatically already, but just make sure the firmware is on the latest version available.)

Step 4 (for Linux users):

Connect the capture card device back to your Linux host system now and open OBS, you should now see a valid output instead of a black screen.

Elgato Gaming Hardware Drivers

| Device | Driver Status |
|---|---|
| Elgato Cam Link | No driver since it's a UVC device |
| Elgato Cam Link 4K | No driver since it's a UVC device |
| Elgato Cam Link Pro | Latest Elgato Cam Link Pro Drivers for Windows |
| Elgato Game Capture HD | Latest Elgato Game Capture HD Drivers for Windows |
| Elgato Game Capture HD60 | Latest Elgato Game Capture HD60 Drivers for Windows |
| Elgato Game Capture HD60 S | Latest Elgato Game Capture HD60 S Drivers for Windows |
| Elgato Game Capture HD60 S+ | No driver since it's a UVC device |
| Elgato Game Capture HD60 Pro | Latest Elgato Game Capture HD60 Pro Drivers |
| Elgato Game Capture HD60 X | No driver since it's a UVC device |
| Elgato Game Capture 4K60 Pro | Latest Elgato Game Capture 4K60 Pro Drivers |
| Elgato Game Capture 4K60 Pro MK.2 | Latest Elgato Game Capture 4K60 Pro MK.2 Drivers |
| Elgato Game Capture 4K60 S+ | Latest Elgato Game Capture 4K60 S+ Drivers |
| Elgato 4K Pro | Latest Elgato 4K Pro Drivers |
</details>

Misc. Stuff

<details> <summary>CompTIA Certification Stuff</summary>

CompTIA Certification Information:


Valid Coupon Codes:

MCGRAW10
SECURITYVUE

Exam Study Resource Websites

Exam Dump Websites

Security+

ChatGPT Prompt

I'll provide questions with possible answers, I need you to reply with only the correct answer(s). Just state the answer; no explanations.

Search Engine Prompts

Security+

CompTIA Security+ SY0-701 Quizlet

Attack Description Network Infection

Network+

CompTIA Network+ N10-008 Quizlet

A+

CompTIA A+ 220-1101 Quizlet
CompTIA A+ 220-1102 Quizlet
</details> <details> <summary>Pearson VUE (OnVUE)</summary>

Pearson OnVUE Online Exam Tips

Before Your Exam:

Common Mistakes:

General Info:

Example video of the OnVUE setup process:

https://github.com/Scrut1ny/Hypervisor-Phantom/assets/53458032/c7f0901b-bb61-4806-9efc-655ea50b5547

</details> <details> <summary>Schedule an exam (OnVUE) Steps</summary>

Step 1 (screenshot)

Step 2 (screenshots)

Step 3 (screenshot)

Step 4 (screenshot)

Step 5 (screenshot)

Step 6 (screenshot)

Step 7 (screenshot)

Step 8 (screenshot)

</details> <details> <summary>Taking an exam (OnVUE) Steps</summary>

Step 1 (screenshot)

Step 2 (screenshot)

Step 3 (screenshot)

Step 4 (screenshot)

Step 5 (screenshot)

Step 6 (screenshot)

Step 7 (screenshot)

Step 8 (screenshot)

Step 9 (screenshot)

Step 10 (screenshot)

Step 11 (screenshot)

Step 12 (screenshot)

</details> <details> <summary>Renewing Multiple Certifications Steps</summary>


</details>