{"id":15060134,"url":"https://github.com/idov31/cronos","last_synced_at":"2025-04-05T03:11:58.341Z","repository":{"id":60129083,"uuid":"541093035","full_name":"Idov31/Cronos","owner":"Idov31","description":"PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.","archived":false,"fork":false,"pushed_at":"2023-09-26T18:06:10.000Z","size":21500,"stargazers_count":580,"open_issues_count":0,"forks_count":62,"subscribers_count":11,"default_branch":"master","last_synced_at":"2025-04-05T03:11:39.377Z","etag":null,"topics":["assembly","c","cyber-security","cybersecurity","encryption","evasion","infosec","red-team","redteam","windows"],"latest_commit_sha":null,"homepage":"https://idov31.github.io/2022/11/06/cronos-sleep-obfuscation.html","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Idov31.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-09-25T07:42:07.000Z","updated_at":"2025-04-02T07:04:21.000Z","dependencies_parsed_at":"2022-09-25T23:30:42.156Z","dependency_job_id":"da06aa3f-eab4-4004-8c24-7a053dc46bbc","html_url":"https://github.com/Idov31/Cronos","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Idov31%2FCronos","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Idov31%2FCronos/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Idov31%2FCronos/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Idov31%2FCronos/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Idov31","download_url":"https://codeload.github.com/Idov31/Cronos/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247280272,"owners_count":20912967,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["assembly","c","cyber-security","cybersecurity","encryption","evasion","infosec","red-team","redteam","windows"],"created_at":"2024-09-24T22:53:30.245Z","updated_at":"2025-04-05T03:11:58.327Z","avatar_url":"https://github.com/Idov31.png","language":"C","readme":"# Cronos\n\n![c](https://img.shields.io/badge/C-00599C?style=for-the-badge\u0026logo=c\u0026logoColor=white) ![assembly](https://img.shields.io/badge/ASSEMBLY-ED8B00?style=for-the-badge\u0026logo=Assembly\u0026logoColor=white) ![windows](https://img.shields.io/badge/Windows-0078D6?style=for-the-badge\u0026logo=windows\u0026logoColor=white)\n\n## This project was co-authored by\n\n[![idov31](https://img.shields.io/badge/Idov31-FF1B2D?style=for-the-badge\u0026logo=Idov31\u0026logoColor=white)](https://github.com/idov31) [![YXEL](https://img.shields.io/badge/YXEL-7D4698?style=for-the-badge\u0026logo=YXEL\u0026logoColor=white)](https://github.com/janoglezcampos)\n\n## Description\n\nPoC for a new sleep obfuscation technique (based on [Ekko](https://github.com/Cracked5pider/Ekko)) leveraging waitable timers to RC4 encrypt the current process and change the permissions from RW to RX to evade memory scanners.\n\nA more detailed explanation will be available in the [blog post](https://idov31.github.io/2022/11/06/cronos-sleep-obfuscation.html).\n\n![POC](img/poc.png)\n\n## Usage\n\nTo use it, all you have to do is to include Cronos in your project and use it like so:\n\n```c\n#include \"Cronos.h\"\n\nint main() {\n    int timesToExecute = 1337;\n    int seconds = 10;\n\n    for (int i = 0; i \u003c timesToExecute; i++) {\n        CronosSleep(seconds);\n\n        // YOUR CODE HERE!\n    }\n}\n```\n\n## Setup\n\nTo compile it you will need:\n\n- [NASM](https://www.nasm.us/)\n- [make](https://stackoverflow.com/questions/32127524/how-to-install-and-use-make-in-windows)\n- [VisualStudio Compiler](https://developer.microsoft.com/en-US/windows/downloads/windows-sdk/)\n\nAfter you have all of the above, navigate to the project's directory and build it with the makefile, the EXE will be in the bin directory.\n\n## Visual Studio Setup\n\n- [VSNASM](https://github.com/ShiftMediaProject/VSNASM)\n  - Run install_script.bat\n\n- Add NASMPATH environment variable\n  - NASMPATH=C:\\Users\\\u003cuser\u003e\\AppData\\Local\\bin\\NASM\\\n\n- Open Visual Studio \u0026 Configure Settings\n  - Tools \u003e Options \u003e Projects and Solutions \u003e VC++ Project Settings \u003e Build Customization Search Path\n  - Set to %NASMPATH%;0\n\n- You can also install the [AsmDude](https://marketplace.visualstudio.com/items?itemName=Henk-JanLebbink.AsmDude) extension for syntax highlighting into .ASM files.\n\n## Contributors\n\nThanks a lot to those people that contributed to this project:\n\n- [Orca](https://github.com/ORCx41)\n\n- [Xenov-X](https://github.com/Xenov-X)\n\n## Resources\n\n- [Ekko](https://github.com/Cracked5pider/Ekko)\n- [DeathSleep](https://github.com/janoglezcampos/DeathSleep)\n- [Waitable Timers](https://learn.microsoft.com/en-us/windows/win32/sync/using-a-waitable-timer-with-an-asynchronous-procedure-call)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fidov31%2Fcronos","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fidov31%2Fcronos","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fidov31%2Fcronos/lists"}