# Sandbox Evasion

* Evade the usual checks that will be run on your malware

## Sleeping

* [checkpoint](https://evasions.checkpoint.com/techniques/timing.html)
* [joesecurity](https://www.joesecurity.org/blog/660946897093663167)

## Geolocation

* Check the IP of the machine
* Look up the ISP that owns the IP block via ARIN's RDAP service
```text
https://rdap.arin.net/registry/ip/<IPBlock>
```

## System Info

* Check system info like
  * hostname
  * user
  * serial number
  * software versions
  * hardware specs
  * product keys

## Network Info

* Check all available network info like
  * interfaces
  * traffic
  * groups
  * domain admins
  * enterprise admins
  * DNS
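
From the defender's side, the System Info and Network Info checks above tend to appear as a burst of discovery commands under one parent process. The following is an added example, not part of the original notes, that flags such bursts in process-creation telemetry; the event tuples, the command-to-category mapping, the window and the threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events: (epoch seconds, parent PID, command line).
# Assumes command lines are already normalized to the bare command name.
EVENTS = [
    (1000, 4120, "hostname"),
    (1001, 4120, "whoami /all"),
    (1002, 4120, "systeminfo"),
    (1003, 4120, "ipconfig /all"),
    (1004, 4120, 'net group "Domain Admins" /domain'),
    (1500, 900, "ipconfig /all"),
    (9000, 900, "hostname"),
]

# Assumed mapping: command prefix -> item from the lists above that it reveals.
CATEGORIES = {
    "hostname": "hostname",
    "whoami": "user",
    "systeminfo": "hardware specs",
    "wmic bios": "serial number",
    "ipconfig": "interfaces",
    "net group": "groups",
    "nslookup": "dns",
}

def classify(cmdline):
    """Return the fingerprinting category of a command line, or None."""
    lowered = cmdline.lower().strip()
    for prefix, category in CATEGORIES.items():
        if lowered.startswith(prefix):
            return category
    return None

def fingerprint_bursts(events, window=60, threshold=4):
    """Map parent PID -> categories when >= threshold distinct ones occur within window seconds."""
    by_parent = defaultdict(list)
    for ts, ppid, cmd in events:
        cat = classify(cmd)
        if cat:
            by_parent[ppid].append((ts, cat))
    alerts = {}
    for ppid, hits in by_parent.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            cats = {c for t, c in hits[i:] if t - start <= window}
            if len(cats) >= threshold:
                alerts[ppid] = sorted(cats)
                break
    return alerts
```

A single discovery command is normal admin activity; the signal is several distinct categories from one parent in a short window, so tune `window` and `threshold` against your own baseline.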