Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Cracked5pider/Ekko
Sleep Obfuscation
https://github.com/Cracked5pider/Ekko
Last synced: 21 days ago
JSON representation
Sleep Obfuscation
- Host: GitHub
- URL: https://github.com/Cracked5pider/Ekko
- Owner: Cracked5pider
- Archived: true
- Created: 2022-06-17T23:19:29.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-12-03T18:14:03.000Z (about 1 year ago)
- Last Synced: 2024-08-05T17:54:57.951Z (4 months ago)
- Language: C
- Size: 142 KB
- Stars: 648
- Watchers: 13
- Forks: 99
- Open Issues: 1
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - Cracked5pider/Ekko - Sleep Obfuscation (C)
README
Ekko
A small sleep obfuscation technique that uses `CreateTimerQueueTimer` Win32 API.
Proof of Concept. Can be done better.
### NOTE
This implementation has known flawes.
So I wouldn't recommend using it without knowing how it works or know how to spot and fix those flaws.
TLDR: don't copy and past it into your implants.
### Credit
- [Austin Hudson (@SecIdiot)](https://twitter.com/ilove2pwn_) https://suspicious.actor/2022/05/05/mdsec-nighthawk-study.html
- Originally discovered by [Peter Winter-Smith](peterwintrsmith) and used in MDSec’s Nighthawk