I’ve added a new experimental project to TikiTorch, called TikiVader. I originally thought of “vader” as a play on “evade”/“evader”, until I realised TikiVader was never meant to evade anything… but never mind 😒

The purpose of TikiVader is to provide some pre-canned functions for pulling different environmental variables, as a means of deciding whether the TikiLoader should execute or not. This is not an evasion tactic, because we’re not obfuscating or encrypting anything using those variables as a key or seed. We’re simply checking that we’re in the correct environment before executing, as a safety precaution.

Granted, this may allow us to evade some sandbox environments, but since that’s not the primary purpose, your mileage will vary.

At present, TikiVader has the ability to:

  • Get the computer Domain Name
  • Get the computer Hostname
  • Get the MAC address of the (first) NIC
  • Guess at whether the computer is physical or virtual
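The kind of pre-execution scope check described above, sketched as an added example with standard .NET APIs. It is not TikiVader's code or API: `ScopeGuard`, its members and the expected values are hypothetical, constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Net.NetworkInformation;

// Added example, not TikiVader's API: ScopeGuard and its members are hypothetical.
static class ScopeGuard
{
    // Constructed sample values standing in for an agreed engagement scope.
    const string ExpectedDomain = "corp.example.com";
    const string ExpectedHost   = "WKSTN-01";
    const string ExpectedMac    = "00-11-22-33-44-55";

    // Keep only hex digits and upper-case them, so "00:11:.." and "00-11-.." compare equal.
    public static string NormalizeMac(string mac) =>
        new string(mac.Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();

    // Every value must match; a single mismatch means "wrong environment".
    public static bool InScope(string domain, string host, string mac) =>
        string.Equals(domain, ExpectedDomain, StringComparison.OrdinalIgnoreCase)
        && string.Equals(host, ExpectedHost, StringComparison.OrdinalIgnoreCase)
        && NormalizeMac(mac) == NormalizeMac(ExpectedMac);

    static void Main()
    {
        bool ok;
        try
        {
            string domain = IPGlobalProperties.GetIPGlobalProperties().DomainName;
            string host = Environment.MachineName;
            // "First" NIC here means the first non-loopback adapter returned
            // (an assumption). Enumeration order is not guaranteed, so this
            // value is the most fragile of the three on multi-homed hosts.
            string mac = NetworkInterface.GetAllNetworkInterfaces()
                .Where(n => n.NetworkInterfaceType != NetworkInterfaceType.Loopback)
                .Select(n => n.GetPhysicalAddress().ToString())
                .FirstOrDefault() ?? "";
            ok = InScope(domain, host, mac);
        }
        catch (Exception)
        {
            ok = false; // fail closed: an unreadable value counts as out of scope
        }
        Console.WriteLine(ok ? "in scope: continue" : "out of scope: exit without running");
        Environment.Exit(ok ? 0 : 1);
    }
}
```

The expected values sit in the binary as plain strings and are only compared, never used as a key or seed, which is why this is a safety check and not an evasion technique.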

Usage

To use TikiVader with the other Tiki projects, simply add it as a reference. Here’s an example with TikiSpawn.