Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection.
Updated Apr 23, 2025 - C++
The Evasions encyclopedia gathers methods used by malware to evade detection when run in a virtualized environment. Methods are grouped into categories for ease of searching and understanding. Code samples, signature recommendations and countermeasures are also provided within each category for the described techniques.
Sandbox evasion code snippets developed in Golang
I completely russified and modified njrat and added an interface. I am not criminally responsible for what you do with my program.
Sandbox/Heuristic PowerShell Bypass
The RDP-Stealer is C++ malware that targets Remote Desktop Protocol (RDP) processes. It acts as a keystroke logger, capturing credentials provided by users in RDP and sending back encrypted data to a C2 server.
This is another proof of concept that ties into real-world methodologies used by threat actors to evade sandboxes.
A RAM-only, AI-enhanced, stealth operating environment for red team simulations and cyber defense training.
A tool for stealth persistence and bypassing security controls on Windows systems through shadow cache manipulation and direct syscall invocation.
This repository contains a PowerShell script designed to detect sandbox environments and terminate execution when identified. It includes multiple obfuscation techniques to simulate real threat actor behavior, aiding in the study of anti-sandbox strategies. 🛡️💻
The repository presents a toolkit meant to help researchers combat evasion techniques used by macOS malware