Why? If you actually exit the sandbox you'll start leaving traces, and eventually you'll slip and be looked at. That's part of the story EDR vendors sell at least.
You can't deny that you are way more likely to burn the exploit using it on a machine under watch than on a machine that is not...
Why? If you actually exit the sandbox you'll start leaving traces, and eventually you'll slip and be looked at. That's part of the story EDR vendors sell at least.
You can't deny that you are way more likely to burn the exploit using it on a machine under watch than on a machine that is not...
Because most EDR is not designed to catch exploits.