The Agent Skills Directory

[COMMAND_EXECUTION]: The skill provides detailed C/C++ implementations for evading security sandboxes through environment fingerprinting, including CPUID brand string checks, MAC address prefix validation, and hardware resource detection (RAM, CPU cores, disk size).
[COMMAND_EXECUTION]: It includes advanced anti-debugging code that directly reads the Process Environment Block (PEB), uses NtQueryInformationProcess to detect debuggers, and monitors for hardware breakpoints to thwart active analysis.
[COMMAND_EXECUTION]: The skill implements timing-based evasion techniques such as detecting Sleep() API hooks via RDTSC/GetTickCount comparisons and QueryPerformanceCounter consistency checks to identify accelerated analysis environments.
[COMMAND_EXECUTION]: It provides logic for 'Execution Guardrails' (T1480) that harvest system metadata like computer names, domain membership, and user artifacts to restrict malicious behavior to specific target environments.
[COMMAND_EXECUTION]: The code references the use of direct system calls (syscalls) and techniques like HellsGate or SysWhispers3 to bypass user-mode security hooks in ntdll.dll.
[COMMAND_EXECUTION]: The skill describes a 'Slow-Burn' execution strategy and user interaction detection (mouse movement/keyboard activity) designed to exhaust the finite analysis time available to automated security solutions.

sandbox-evasion-implement