How to identify that you’re running under a VM?
A lot of the research on this is dedicated to detecting so-called “blue pill” attacks, that is, a malicious hypervisor that is actively attempting to evade detection. The classic trick to detect a VM is to populate the ITLB, run an instruction that must be virtualized (which necessarily clears out such processor state when it … Read more