# Sandbox Evasion

* Evade the usual checks that will be run on your malware

## Sleeping

* [checkpoint](https://evasions.checkpoint.com/techniques/timing.html)
* [joesecurity](https://www.joesecurity.org/blog/660946897093663167)

## Geolocation

* Check the IP of the machine
* Check the block of the ISP via

```sh
https://rdap.arin.net/registry/ip/<IPBlock>
```

## System Info

* Check system info like

```sh
hostname
user
serial number
software versions
hardware specs
product keys
```

## Network Info

* Check all available network info like

```sh
interfaces
traffic
groups
domain admins
enterprise admins
dns
```
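
From the analyst's side, the System Info and Network Info checks above show up as a burst of discovery commands from one parent process. The following is an added example, not part of the original notes: the command-line patterns, the event tuple format and the thresholds are assumptions to adapt to your own process-creation telemetry.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed mapping from the checklist items to Windows command lines that query them.
CATEGORIES = {
    "hostname": re.compile(r"^hostname(\.exe)?$", re.I),
    "user": re.compile(r"^whoami\b", re.I),
    "serial number": re.compile(r"\bbios\b.*\bserialnumber\b", re.I),
    "hardware/software": re.compile(r"^systeminfo\b", re.I),
    "interfaces": re.compile(r"^ipconfig\b", re.I),
    "admin groups": re.compile(r'^net1?\s+group\s+"?(domain|enterprise) admins', re.I),
    "dns": re.compile(r"^nslookup\b", re.I),
}

def classify(cmdline):
    for name, pattern in CATEGORIES.items():
        if pattern.search(cmdline.strip()):
            return name
    return None

def find_fingerprinting(events, min_categories=4, window=timedelta(seconds=60)):
    """Map each parent to the categories its children queried, if at least
    min_categories distinct ones fall inside a single time window."""
    hits = defaultdict(list)
    for ts, parent, cmdline in events:
        category = classify(cmdline)
        if category:
            hits[parent].append((datetime.fromisoformat(ts), category))
    flagged = {}
    for parent, seen in hits.items():
        seen.sort()
        for i, (start, _) in enumerate(seen):
            cats = {c for t, c in seen[i:] if t - start <= window}
            if len(cats) >= min_categories:
                flagged[parent] = sorted(cats)
                break
    return flagged

# Constructed sample events: (timestamp, parent image, child command line)
SAMPLE = [
    ("2024-01-01T10:00:00", "sample.exe", "hostname"),
    ("2024-01-01T10:00:01", "sample.exe", "whoami /all"),
    ("2024-01-01T10:00:02", "sample.exe", "wmic bios get serialnumber"),
    ("2024-01-01T10:00:03", "sample.exe", "ipconfig /all"),
    ("2024-01-01T10:00:04", "sample.exe", 'net group "Domain Admins" /domain'),
    ("2024-01-01T11:00:00", "helpdesk.exe", "hostname"),
    ("2024-01-01T11:30:00", "helpdesk.exe", "whoami"),
]
```

A single admin running `hostname` and `whoami` half an hour apart stays below the threshold; the rule fires only when several distinct categories are queried by the same parent in quick succession.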