killchain-compendium/misc/sandbox_evasion.md
2022-05-10 00:08:57 +02:00
# Sandbox Evasion
* Evade the usual checks that will be run on your malware
## Sleeping
* [checkpoint](https://evasions.checkpoint.com/techniques/timing.html)
* [joesecurity](https://www.joesecurity.org/blog/660946897093663167)
## Geolocation
* Check the IP of the machine
* Check the block of the ISP via
```
https://rdap.arin.net/registry/ip/<IPBlock>
```
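As an added example (not part of the compendium), the following parses the RDAP ip-network record that the URL above returns, so a sandbox operator can see exactly what their egress block discloses (network name, range, registrant organisation); the sample record is constructed and the field names follow the standard RDAP JSON shape.

```python
import ipaddress
import json

# Constructed sample of an RDAP "ip network" response (RFC 9083 shape);
# the values are made up for this example, not a real registration.
SAMPLE_RDAP = json.dumps({
    "objectClassName": "ip network",
    "handle": "NET-203-0-113-0-1",
    "startAddress": "203.0.113.0",
    "endAddress": "203.0.113.255",
    "name": "EXAMPLE-SANDBOX-NET",
    "entities": [{
        "objectClassName": "entity",
        "handle": "EXMPL-ARIN",
        "roles": ["registrant"],
        "vcardArray": ["vcard", [
            ["version", {}, "text", "4.0"],
            ["fn", {}, "text", "Example Security Labs"],
        ]],
    }],
})


def summarize_rdap(rdap_json: str) -> dict:
    """Reduce an RDAP ip-network record to what an observer learns about the block."""
    rec = json.loads(rdap_json)
    if rec.get("objectClassName") != "ip network":
        raise ValueError("not an RDAP ip network object")
    start = ipaddress.ip_address(rec["startAddress"])
    end = ipaddress.ip_address(rec["endAddress"])
    # summarize_address_range yields the CIDR blocks covering start..end
    cidrs = [str(n) for n in ipaddress.summarize_address_range(start, end)]
    registrant = None
    for ent in rec.get("entities", []):
        if "registrant" in ent.get("roles", []):
            # vcardArray = ["vcard", [[name, params, type, value], ...]]
            for prop in ent.get("vcardArray", ["vcard", []])[1]:
                if prop[0] == "fn":
                    registrant = prop[3]
    return {"handle": rec.get("handle"), "name": rec.get("name"),
            "cidrs": cidrs, "registrant": registrant}


def block_contains(rdap_json: str, ip: str) -> bool:
    """True if `ip` lies inside the range the RDAP record describes."""
    rec = json.loads(rdap_json)
    addr = ipaddress.ip_address(ip)
    return (ipaddress.ip_address(rec["startAddress"]) <= addr
            <= ipaddress.ip_address(rec["endAddress"]))
```

If the registrant or network name points at a security vendor or a hosting block unlike your target population, that is the signal the check is looking for, and the fix is on the sandbox side (egress through a less telling block).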
## System Info
* Check system info like
  * hostname
  * user
  * serial number
  * software versions
  * hardware specs
  * product keys
## Network Info
* Check all available network info like
  * interfaces
  * traffic
  * groups
  * domain admins
  * enterprise admins
  * dns