🛠️Sandbox Evasion
MITRE ATT&CK™ Virtualization/Sandbox Evasion - Technique T1497
One of the most creative and effective ways that Blue Teamers have come up with to analyze suspicious-looking files falls under the category of dynamic analysis. This method involves running the file in a containerized (or virtualized) environment, which is referred to as a sandbox. Depending on the sandbox of choice, you may be able to customize which version of Windows is running, the software installed on the machine, and much more.