killchain-compendium/Miscellaneous/Sandbox Evasion.md

Sandbox Evasion

• Evade the usual checks that will be run on you malware

Sleeping

• checkpoint
• joesecurity

Geolocation

• Check the IP of the machine
• Check the block of the ISP via

https://rdap.arin.net/registry/ip/<IPBlock>

System Info

• Check system info like

hostname
user
serial number
software versions
hardware specs
product keys

Network Info

• Check all available network info like

interfaces
traffic
groups
domain admins
enterprise admins
dns