Cronos
This project was co-authored by
Description
PoC for a new sleep obfuscation technique (based on Ekko) leveraging waitable timers to RC4 encrypt the current process and change the permissions from RW to RX to evade memory scanners.
A more detailed explanation will be available in the blog post (COMING SOON).
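A defender-side view of the behaviour described above, as an added example that is not part of the Cronos project: it counts how often one memory region sits in RW for a long window and is then returned to RX, which is the pattern a region shows if it is RW while the process sleeps and RX while it runs (an assumption of this example). The prot_event record, the sample trace and the thresholds are hypothetical; only the two protection values are real Windows constants.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Windows page-protection values: PAGE_READWRITE and PAGE_EXECUTE_READ. */
#define PG_RW 0x04u
#define PG_RX 0x20u

/* Hypothetical telemetry record (an assumption, not a real API):
 * one protection change observed on a memory region. */
struct prot_event {
    double   t;                   /* seconds since trace start */
    uint64_t base;                /* region base address */
    unsigned old_prot, new_prot;
};

/* Count RX->RW ... RW->RX round trips on `base` in which the region
 * stayed RW for at least `min_gap` seconds (the candidate sleep window).
 * Events must be sorted by time. */
int count_sleep_cycles(const struct prot_event *ev, size_t n,
                       uint64_t base, double min_gap)
{
    int cycles = 0;
    double rw_since = -1.0;       /* < 0: no open RW window */
    for (size_t i = 0; i < n; i++) {
        if (ev[i].base != base) continue;
        int to_rw = ev[i].old_prot == PG_RX && ev[i].new_prot == PG_RW;
        int to_rx = ev[i].old_prot == PG_RW && ev[i].new_prot == PG_RX;
        if (to_rx && rw_since >= 0.0 && ev[i].t - rw_since >= min_gap)
            cycles++;
        rw_since = to_rw ? ev[i].t : -1.0;  /* anything else closes the window */
    }
    return cycles;
}

/* Constructed sample trace: region 0x140000000 has two 10 s RW windows and
 * one 0.1 s flip; region 0x7ff000000 has a single one-off RW->RX change. */
static const struct prot_event SAMPLE[] = {
    {  0.0, 0x140000000ULL, PG_RX, PG_RW }, { 10.0, 0x140000000ULL, PG_RW, PG_RX },
    { 10.4, 0x7ff000000ULL, PG_RW, PG_RX },
    { 10.5, 0x140000000ULL, PG_RX, PG_RW }, { 20.5, 0x140000000ULL, PG_RW, PG_RX },
    { 21.0, 0x140000000ULL, PG_RX, PG_RW }, { 21.1, 0x140000000ULL, PG_RW, PG_RX },
};
#define SAMPLE_N (sizeof SAMPLE / sizeof SAMPLE[0])

int main(void)
{
    int c = count_sleep_cycles(SAMPLE, SAMPLE_N, 0x140000000ULL, 5.0);
    printf("long RW windows on 0x140000000: %d\n", c);
    return 0;
}
```

A region that accumulates several such windows at a regular interval is worth a closer look; a single RW to RX change, as a JIT or loader would produce, does not count.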
Usage
To use it, include Cronos in your project and call CronosSleep like so:
    #include "Cronos.h"

    int main() {
        int timesToExecute = 1337;
        int seconds = 10;

        for (int i = 0; i < timesToExecute; i++) {
            CronosSleep(seconds);
            // YOUR CODE HERE!
        }
    }
Setup
To compile it you will need:
After you have all of the above, navigate to the project's directory and build it with the makefile; the EXE will be in the bin directory.
Visual Studio Setup
- Run install_script.bat
- Add NASMPATH environment variable
  - NASMPATH=C:\Users\<user>\AppData\Local\bin\NASM\
- Open Visual Studio & Configure Settings
  - Tools > Options > Projects and Solutions > VC++ Project Settings > Build Customization Search Path
  - Set to %NASMPATH%;0
- You can also install the AsmDude extension for syntax highlighting in .asm files.
Contributors
Thanks a lot to the people who contributed to this project:
Resources
Originally published on GitHub: Cronos: a new sleep obfuscation technique for countering memory scanning