🛠️ Sandbox Evasion
MITRE ATT&CK™ Virtualization/Sandbox Evasion - Technique T1497
Theory
One of the most creative and effective ways that Blue Teamers have come up with to analyze suspicious-looking files falls in the category of Dynamic Analysis. This method involves running the file in a containerized (or virtualized) environment; this environment is referred to as a sandbox. Depending on the sandbox of choice, you may be able to customize which version of Windows is running, which software is installed on the machine, and much more.
Practice
Sleeping through Sandboxes
Geolocation and Geoblocking
Checking System Information
Querying Network Information
Resources