killchain-compendium/misc/sandbox_evasion.md

Sandbox Evasion

  • Evade the usual checks that will be run on your malware

Sleeping

Geolocation

  • Check the IP of the machine
  • Check the ISP's network block via https://rdap.arin.net/registry/ip/<IPBlock>

System Info

  • Check system info such as:
      • hostname
      • user
      • serial number
      • software versions
      • hardware specs
      • product keys

Network Info

  • Check all available network info such as:
      • interfaces
      • traffic
      • groups
      • domain admins
      • enterprise admins
      • dns
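As an added defender-side example that is not part of the compendium: a small triage script that scores a sandbox API trace for the four probing categories listed above (sleeping, geolocation, system info, network info). The trace format, the sample lines and the API-name patterns are constructed for illustration and assumed, not taken from any particular sandbox product.

```python
import re
from collections import defaultdict

# Constructed sample sandbox API trace (not a real capture).
# Format: "<timestamp_ms> <api> <args...>", one call per line.
SAMPLE_TRACE = """\
0 NtDelayExecution 600000
600000 GetComputerNameW
600010 InternetOpenUrlA https://api.ipify.org
600200 InternetOpenUrlA https://rdap.arin.net/registry/ip/203.0.113.0
600300 ExecQuery SELECT SerialNumber FROM Win32_BIOS
600350 NetGroupGetUsers "Domain Admins"
600400 DnsQuery_A _ldap._tcp.dc._msdcs.corp.example
"""

# One pattern per probing category from the note, matched against "api args".
RULES = {
    "geolocation": re.compile(r"rdap\.arin\.net|ipify|ifconfig\.me", re.I),
    "system_info": re.compile(
        r"GetComputerName|GetUserName|Win32_BIOS|Win32_ComputerSystem|SerialNumber", re.I),
    "network_info": re.compile(
        r"NetGroupGetUsers|Domain Admins|Enterprise Admins|DnsQuery|GetAdaptersAddresses", re.I),
}
SLEEP_APIS = re.compile(r"^(NtDelayExecution|Sleep(Ex)?)$")


def analyse_trace(trace: str, sleep_threshold_ms: int = 60_000) -> dict:
    """Return {category: [evidence]} for the evasion behaviours seen in the trace."""
    findings = defaultdict(list)
    total_sleep_ms = 0
    for line in trace.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) < 2:
            continue
        api = parts[1]
        args = parts[2] if len(parts) == 3 else ""
        if SLEEP_APIS.match(api) and args.isdigit():
            total_sleep_ms += int(args)  # stalling: long sleeps before real activity
        for category, pattern in RULES.items():
            if pattern.search(f"{api} {args}"):
                findings[category].append(line)
    if total_sleep_ms >= sleep_threshold_ms:
        findings["sleeping"].append(f"total requested sleep {total_sleep_ms} ms")
    return dict(findings)


def likely_evasive(findings: dict, min_categories: int = 2) -> bool:
    """Heuristic verdict: several distinct environment probes is a strong evasion signal."""
    return len(findings) >= min_categories
```

Run `analyse_trace(SAMPLE_TRACE)` to see which lines triggered each category; the threshold and category count are knobs to tune against your own sandbox's baseline of benign samples.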