
CheckPlease - Payload-Agnostic Sandbox Detection

BSidesLV via YouTube

Overview

Explore payload-agnostic sandbox detection techniques in this 40-minute conference talk from BSidesLV 2017. Delve into topics such as implant security, sandbox evasion strategies, and encryption methods like Ebola and Hyperion. Learn about foot delay analysis, process profiling, and various detection methods including registry size checks, user activity monitoring, and mouse position tracking. Discover practical implementations in Python, PowerShell, and Ruby, and examine tools like Veil for creating undetectable payloads. Gain insights into flat payload structures, user prompts, and source code analysis techniques to enhance your understanding of sandbox detection and evasion.

Syllabus

Intro
Sandbox Detection
Implant Security Repository
Sleeping
Sandbox evasion 101
Encryption
Ebola
Hyperion
Foot Delay Analysis
Running the Code
How it Works
Demo
Example
Building a profile
Process names
PowerShell example
Windows Updates
Registry Size
User Activity
Maskless
Python
PowerShell
Mouse Position
Lazy dll
Popup box
Popup box Ruby
Message box Ruby
Veil
Pull Request
Demo God
Flat payloads
User prompt
Check source code
Run code

Taught by

BSidesLV
