From the course: Ethical Hacking: Evading IDS, Firewalls, and Honeypots

Checking for oversight

- [Instructor] Storing malware on a live system in order to analyze it can be dangerous, as one misstep might mean a complete network is rapidly infected. Consequently, an isolated environment, such as a virtual machine, is often used to provide protection. Similarly, a sandbox appliance can be used to safely execute attachments before they're allowed to enter the organizational network. Unsurprisingly, malware authors have responded to this, and so malware is often designed to detect isolated environments. A simple way of checking is to issue the CPUID assembler instruction, which provides details of the hypervisor brand. Additional areas which may indicate virtualization include registry entries and network adapters. The malware may also look for specific configuration files. There are many other signs of virtualization or sandboxing which have been used to take evasive action. There are a number of actions malware can…
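For an analyst hardening a sandbox, the CPUID and network adapter indicators mentioned above can be audited from values captured inside the guest. The following is an added example, not part of the course material; the function names and the sample register values and MAC addresses are constructed for illustration.

```python
import struct

# Vendor signatures returned by CPUID leaf 0x40000000 (12 bytes in EBX, ECX, EDX).
HYPERVISOR_SIGNATURES = {
    "VMwareVMware": "VMware",
    "VBoxVBoxVBox": "VirtualBox",
    "KVMKVMKVM": "KVM",
    "Microsoft Hv": "Hyper-V",
    "XenVMMXenVMM": "Xen",
}
# MAC address prefixes (OUIs) used by default for virtual network adapters.
VIRTUAL_NIC_OUIS = {
    "00:05:69": "VMware", "00:0c:29": "VMware", "00:50:56": "VMware",
    "08:00:27": "VirtualBox", "00:15:5d": "Hyper-V",
    "00:16:3e": "Xen", "52:54:00": "QEMU/KVM",
}

def hypervisor_bit_set(leaf1_ecx):
    """CPUID leaf 1, ECX bit 31 is reserved for a hypervisor to announce itself."""
    return bool((leaf1_ecx >> 31) & 1)

def decode_vendor(ebx, ecx, edx):
    """The brand is 12 ASCII bytes, stored little-endian across the three registers."""
    raw = struct.pack("<III", ebx, ecx, edx)
    return raw.rstrip(b"\x00").decode("ascii", errors="replace")

def audit_guest(leaf1_ecx, vendor_regs, macs):
    """Return the virtualization indicators visible from inside the guest."""
    findings = []
    if hypervisor_bit_set(leaf1_ecx):
        findings.append("CPUID.1:ECX[31] hypervisor-present bit is set")
        vendor = decode_vendor(*vendor_regs)
        product = HYPERVISOR_SIGNATURES.get(vendor, "unknown")
        findings.append(f"CPUID 0x40000000 brand '{vendor}' ({product})")
    for mac in macs:
        product = VIRTUAL_NIC_OUIS.get(mac.lower()[:8])
        if product:
            findings.append(f"NIC {mac} uses a {product} OUI")
    return findings

# Constructed sample: values as a CPUID dump taken inside a KVM guest would show them.
SAMPLE_LEAF1_ECX = 0xFFFA3203
SAMPLE_VENDOR = (0x4B4D564B, 0x564B4D56, 0x0000004D)  # "KVMKVMKVM" plus NUL padding
SAMPLE_MACS = ["52:54:00:12:34:56", "3C:22:FB:AA:BB:CC"]

if __name__ == "__main__":
    for line in audit_guest(SAMPLE_LEAF1_ECX, SAMPLE_VENDOR, SAMPLE_MACS):
        print(line)
```

Each finding is an artifact the sandbox operator can mask or randomize so that analyzed samples behave as they would on a physical host.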
