Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/idov31/cronos
PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.
- Host: GitHub
- URL: https://github.com/idov31/cronos
- Owner: Idov31
- License: gpl-3.0
- Created: 2022-09-25T07:42:07.000Z (about 2 years ago)
- Default Branch: master
- Last Pushed: 2023-09-26T18:06:10.000Z (about 1 year ago)
- Last Synced: 2024-12-21T15:07:28.910Z (3 days ago)
- Topics: assembly, c, cyber-security, cybersecurity, encryption, evasion, infosec, red-team, redteam, windows
- Language: C
- Homepage: https://idov31.github.io/2022/11/06/cronos-sleep-obfuscation.html
- Size: 20.5 MB
- Stars: 565
- Watchers: 9
- Forks: 63
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# Cronos
![c](https://img.shields.io/badge/C-00599C?style=for-the-badge&logo=c&logoColor=white) ![assembly](https://img.shields.io/badge/ASSEMBLY-ED8B00?style=for-the-badge&logo=Assembly&logoColor=white) ![windows](https://img.shields.io/badge/Windows-0078D6?style=for-the-badge&logo=windows&logoColor=white)
## This project was co-authored by
[![idov31](https://img.shields.io/badge/Idov31-FF1B2D?style=for-the-badge&logo=Idov31&logoColor=white)](https://github.com/idov31) [![YXEL](https://img.shields.io/badge/YXEL-7D4698?style=for-the-badge&logo=YXEL&logoColor=white)](https://github.com/janoglezcampos)
## Description
PoC for a new sleep obfuscation technique (based on [Ekko](https://github.com/Cracked5pider/Ekko)) leveraging waitable timers to RC4 encrypt the current process and change the permissions from RW to RX to evade memory scanners.
A more detailed explanation will be available in the [blog post](https://idov31.github.io/2022/11/06/cronos-sleep-obfuscation.html).
![POC](img/poc.png)
## Usage
To use it, all you have to do is to include Cronos in your project and use it like so:
```c
#include "Cronos.h"

int main() {
    int timesToExecute = 1337;
    int seconds = 10;

    for (int i = 0; i < timesToExecute; i++) {
        CronosSleep(seconds);
        // YOUR CODE HERE!
    }
}
```

## Setup
To compile it you will need:
- [NASM](https://www.nasm.us/)
- [make](https://stackoverflow.com/questions/32127524/how-to-install-and-use-make-in-windows)
- [VisualStudio Compiler](https://developer.microsoft.com/en-US/windows/downloads/windows-sdk/)

After you have all of the above, navigate to the project's directory and build it with the makefile. The EXE will be in the bin directory.
## Visual Studio Setup
- [VSNASM](https://github.com/ShiftMediaProject/VSNASM)
  - Run install_script.bat
- Add NASMPATH environment variable
  - NASMPATH=C:\Users\\AppData\Local\bin\NASM\
- Open Visual Studio & Configure Settings
  - Tools > Options > Projects and Solutions > VC++ Project Settings > Build Customization Search Path
  - Set to %NASMPATH%;0
- You can also install the [AsmDude](https://marketplace.visualstudio.com/items?itemName=Henk-JanLebbink.AsmDude) extension for syntax highlighting in .ASM files.
## Contributors
Thanks a lot to the people who contributed to this project:
- [Orca](https://github.com/ORCx41)
- [Xenov-X](https://github.com/Xenov-X)
## Resources
- [Ekko](https://github.com/Cracked5pider/Ekko)
- [DeathSleep](https://github.com/janoglezcampos/DeathSleep)
- [Waitable Timers](https://learn.microsoft.com/en-us/windows/win32/sync/using-a-waitable-timer-with-an-asynchronous-procedure-call)