Difference between revisions of "Sandbox Evasion"
Revision as of 22:33, 20 October 2016
Sandboxing is one of the most useful security solutions; however, best practices are not always followed, and malware can easily detect the sandbox environment. Sandboxes are often misconfigured. With simple tricks such as hostname detection, MAC address detection, or process detection, malware can detect the environment.
Sandbox evasion capabilities allow malware to stay undetected during sandbox analysis.
Below is a list of all the sandbox evasion techniques in Unprotect Project:
|VMware artifacts||Checking for memory artifacts|
|VMware artifacts searching|
|MAC address detection|
|Querying the I/O Communication Port|
|Anti-VM x86 Instruction||SIDT|
|Extended sleep code|