Virus Hunter: Code Defender installs real persistence mechanisms and opens a real reverse shell. It must only be run inside a dedicated virtual machine on a network that is isolated from your personal and work systems.

Why a VM is required

The game is a working cybersecurity demonstration, not a simulation. When you start it:
  • A reverse shell connects to your listener machine over TCP.
  • A persistence entry is written to your system (Windows Registry, Linux crontab, or macOS LaunchAgent) so the shell restarts after a reboot.
  • A background process may run after the game window closes.
Running this on a physical host or a shared network risks exposing your files, credentials, and other machines to the shell session.

VirtualBox

Free and cross-platform. Download from virtualbox.org. Any guest OS supported by VirtualBox works.

VMware

VMware Workstation Player (free for personal use) or VMware Fusion on macOS. Supports Windows and Linux guests.

Any Linux or Windows VM is suitable as the game host. A minimal install is fine — the only requirements are Python 3 and the game’s dependencies.

Network configuration

Take a snapshot before running

Before starting the game for the first time, take a snapshot of the VM in its clean state. This gives you a one-click restore point if cleanup fails or if you want to repeat the exercise from scratch.

1. VirtualBox

With the VM powered off or saved, go to Machine → Take Snapshot. Name it something like clean-baseline.

2. VMware

Go to VM → Snapshot → Take Snapshot. Give it a descriptive name.

What the game does to the system

| Action | Detail |
|---|---|
| Reverse shell | Connects outbound to --host on port 5050. Provides a real interactive shell. |
| Persistence marker | Creates cyber_modules/simulated_startup/system_defender_autorun.txt. |
| Windows Registry | Writes HKCU\...\Run\VirusHunterAgent pointing at the game executable. |
| Linux crontab | Adds an @reboot entry that restarts the shell on boot. |
| macOS LaunchAgent | Installs com.v-hunter.agent.plist in ~/Library/LaunchAgents/. |

How to confirm you’re in a safe environment

Before launching the game, verify:
  • You are inside a VM, not on a physical host.
  • The VM network adapter is set to host-only or NAT (not bridged to a production LAN).
  • You have taken a snapshot of the clean VM state.
  • The --host IP points to your listener machine, not to any shared infrastructure.
  • You have explicit permission to run penetration-testing tools on this environment (if it’s not solely your own).

What NOT to do

  • Do not run the game on a work computer or any machine with sensitive data.
  • Do not run the game on a corporate or school network without written authorization.
  • Do not share the listener port (5050) with anyone who should not have shell access to the VM.
  • Do not skip the cleanup step — persistence survives reboots.

After-session checklist

1. Run the cleanup tool

   python tools/cleanup_tool.py

2. Verify cleanup manually

   Follow the platform-specific verification steps in Cleanup tool.

3. Confirm no background processes remain

   pgrep -a -f main_game.py

4. Revert to snapshot (optional)

   If you want a guaranteed clean state for the next session, restore the VM to the snapshot you took before running the game.
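
A residual check you could run after the cleanup tool on a Linux or macOS guest, looking for the marker file, LaunchAgent and @reboot entry listed in the table above (an added example, not part of the game or its cleanup tool). It assumes the marker path is relative to the game directory and reports every active @reboot line, because the page does not give the entry's exact command; the Windows Run value is left out because the page abbreviates its key path.

```python
import subprocess
import sys
from pathlib import Path

# Names taken from the table on this page.
MARKER = Path("cyber_modules/simulated_startup/system_defender_autorun.txt")
LAUNCH_AGENT = Path("Library/LaunchAgents/com.v-hunter.agent.plist")

# Constructed sample crontab for a dry run; not output captured from the game.
SAMPLE_CRONTAB = """\
# m h dom mon dow command
0 3 * * * /usr/local/bin/backup.sh
@reboot python3 /home/lab/game/main_game.py
# @reboot /opt/old/disabled-entry
"""

def reboot_entries(crontab_text):
    """Return every active (uncommented) @reboot line for manual review."""
    lines = (line.strip() for line in crontab_text.splitlines())
    return [line for line in lines if line.startswith("@reboot")]

def leftover_files(game_dir, home):
    """Return the persistence files from the table that still exist."""
    # Assumption: the marker path is relative to the game's directory.
    candidates = [Path(game_dir) / MARKER, Path(home) / LAUNCH_AGENT]
    return [str(path) for path in candidates if path.exists()]

def user_crontab():
    """Read the current user's crontab; empty if none or no crontab binary."""
    try:
        result = subprocess.run(["crontab", "-l"], capture_output=True, text=True)
    except FileNotFoundError:
        return ""
    return result.stdout if result.returncode == 0 else ""

def audit(game_dir=".", home=None, crontab_text=None):
    """Collect leftovers; pass crontab_text to test without touching the system."""
    home = Path.home() if home is None else home
    text = user_crontab() if crontab_text is None else crontab_text
    return {"files": leftover_files(game_dir, home), "cron": reboot_entries(text)}

if __name__ == "__main__":
    findings = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for kind, items in findings.items():
        for item in items:
            print(f"LEFTOVER {kind}: {item}")
    sys.exit(1 if any(findings.values()) else 0)
```

Run it from the game directory or pass that directory as the first argument; an exit status of 1 means at least one artifact is still present.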
