A type-1 hypervisor is a software layer that sits between the guest operating systems and system's hardware. (Citation: Wikipedia Hypervisor) It presents a virtual running environment to an operating system. An example of a common hypervisor is Xen. (Citation: Wikipedia Xen) A type-1 hypervisor operates at a level below the operating system and could be designed with [Rootkit](https://attack.mitre.org/techniques/T1014) functionality to hide its existence from the guest operating system. (Citation: Myers 2007) A malicious hypervisor of this nature could be used to persist on systems through interruption.
PowerShell command to check if Hyper-v is installed . Install Hyper-V feature. Create a New-VM
Supported Platforms: Windows
| Name | Description | Type | Default Value |
|---|---|---|---|
| hostname | Host to query to see if Hyper-V feature is installed. | string | test-vm |
| vm_name | Create a new VM. | string | testvm |
| file_location | Location of new VHDX file | string | C:\Temp\test.vhdx |
Get-WindowsFeature -Name Hyper-V -ComputerName #{hostname}
Install-WindowsFeature -Name Hyper-V -ComputerName #{hostname} -IncludeManagementTools
New-VM -Name #{vm_name} -MemoryStartupBytes 1GB -NewVHDPath #{file_location} -NewVHDSizeBytes 21474836480