# 3. Delay Execution

A common technique used to evade sandbox detection is adding a delay. The idea is to pause execution before performing any malicious action, so that the sandbox's checks time out and our payload is not flagged as malicious.

There are a few issues with this technique:

* The antivirus might detect that the executable has a sleep in the main function and therefore flag it as malicious.
  * I found any sleep functions to be more effective when they are called within a wrapper function outside the main().
* Some AV engines will speed up the sleep function (more sandbox evasion opportunities).
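
Seen from the analysis side, the delay described above appears as requested sleep time that precedes any other behaviour. The following is an added example, not code from the original page: the trace format, the event names and `AnalyzeTrace` are assumptions made for illustration. It flags a run in which the sleep requested before the first action covers the sandbox's analysis window.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Verdict summarises the sleeps a sample requested during one sandbox run.
type Verdict struct {
	BeforeAction time.Duration // sleep requested before the first non-sleep event
	Total        time.Duration // all sleep requested in the trace
	Stalling     bool          // true when the pre-action sleep covers the window
}

// AnalyzeTrace reads one "<event> <argument>" pair per line (a hypothetical
// format, not any real sandbox's log); sleep arguments are milliseconds.
func AnalyzeTrace(trace string, window time.Duration) (Verdict, error) {
	var v Verdict
	acted := false
	for _, line := range strings.Split(strings.TrimSpace(trace), "\n") {
		f := strings.Fields(line)
		if len(f) != 2 {
			return v, fmt.Errorf("malformed event: %q", line)
		}
		if f[0] != "sleep" {
			acted = true // first observable behaviour ends the pre-action phase
			continue
		}
		ms, err := strconv.ParseUint(f[1], 10, 31)
		if err != nil {
			return v, fmt.Errorf("bad sleep duration: %q", line)
		}
		d := time.Duration(ms) * time.Millisecond
		v.Total += d
		if !acted {
			v.BeforeAction += d
		}
	}
	v.Stalling = v.BeforeAction >= window
	return v, nil
}

// Constructed sample: two 90 s sleeps, then the first observable behaviour.
const sampleTrace = "sleep 90000\nsleep 90000\nnet_connect 203.0.113.10:443\nsleep 1000"
func main() {
	fmt.Println(AnalyzeTrace(sampleTrace, 2*time.Minute))
}
```

Because the check counts the duration the sample asked for rather than wall-clock time, it gives the same verdict when the sandbox fast-forwards sleeps.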

Let's explore some code examples in Go.

Part of the Go standard library is the package [time](https://pkg.go.dev/time). This package has a few functions that could be useful.
