killchain-compendium/Miscellaneous/Sandbox Evasion.md

# Sandbox Evasion

* Evade the usual checks that will be run on you malware

## Sleeping

* [checkpoint](https://evasions.checkpoint.com/techniques/timing.html)
* [joesecurity](https://www.joesecurity.org/blog/660946897093663167)

## Geolocation

* Check the IP of the machine
* Check the block of the ISP via
```sh
https://rdap.arin.net/registry/ip/<IPBlock>
```

## System Info

* Check system info like
```sh
hostname
user
serial number
software versions
hardware specs
product keys
```

## Network Info

* Check all available network info like
```sh
interfaces
traffic
groups
domain admins
enterprise admins
dns
```
restructured Misc and RevShells 2022-11-13 16:00:22 +01:00			`# Sandbox Evasion`

			`* Evade the usual checks that will be run on you malware`

			`## Sleeping`

			`* [checkpoint](https://evasions.checkpoint.com/techniques/timing.html)`
			`* [joesecurity](https://www.joesecurity.org/blog/660946897093663167)`

			`## Geolocation`

			`* Check the IP of the machine`
			`* Check the block of the ISP via`
			```sh
			`https://rdap.arin.net/registry/ip/<IPBlock>`
			```

			`## System Info`

			`* Check system info like`
			```sh
			`hostname`
			`user`
			`serial number`
			`software versions`
			`hardware specs`
			`product keys`
			```

			`## Network Info`

			`* Check all available network info like`
			```sh
			`interfaces`
			`traffic`
			`groups`
			`domain admins`
			`enterprise admins`
			`dns`
			```