
Cronos: A New Sleep-Time Obfuscation Technique Against Memory Scanning

2022-10-01 11:32

Cronos


This project was co-authored by


Description

PoC for a new sleep obfuscation technique (based on Ekko) that leverages waitable timers to RC4-encrypt the current process and change the permissions from RW to RX, in order to evade memory scanners.

A more detailed explanation will be available in the blog post (COMING SOON).
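From the defender's side, the observable left by this technique is a region that keeps flipping between RW and RX and holds ciphertext while it is RW. The following is an added example, not code from the Cronos project, of a heuristic over successive memory-map snapshots that flags exactly that pattern; the snapshot format, the function names and the byte contents are all constructed for illustration.

```python
"""Detection heuristic for sleep-time obfuscation (added example, not Cronos code).
Works on constructed memory-map snapshots rather than a live process: each
snapshot maps region base -> (protection, contents) as a scanner would see it."""
import math
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: RC4 output sits near 8.0, plain machine code well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def flag_flipping_regions(snapshots, min_flips=2, entropy_threshold=7.0):
    """Return {base: reason} for regions that alternate RW <-> RX across
    snapshots and whose RW phase holds high-entropy (likely encrypted) bytes.
    A single RW->RX transition is normal loader behaviour; repeated flips
    with ciphertext in the RW phase are the sleep-obfuscation pattern."""
    history = {}
    for snap in snapshots:
        for base, (protect, contents) in snap.items():
            history.setdefault(base, []).append((protect, contents))
    flagged = {}
    for base, observations in history.items():
        protects = [p for p, _ in observations]
        flips = sum(1 for a, b in zip(protects, protects[1:])
                    if {a, b} == {"RW", "RX"})
        rw_entropy = [shannon_entropy(c) for p, c in observations if p == "RW"]
        if flips >= min_flips and rw_entropy and max(rw_entropy) >= entropy_threshold:
            flagged[base] = (f"{flips} RW<->RX flips, "
                             f"RW-phase entropy {max(rw_entropy):.2f}")
    return flagged


# Constructed sample data (not captured from a real process).
ENCRYPTED = bytes(range(256)) * 4      # stand-in for RC4 ciphertext, entropy 8.0
CODE = b"\x55\x48\x89\xe5" * 256       # stand-in for plain x64 code, entropy 2.0
HEAP = b"\x00" * 1024                  # ordinary zeroed RW heap page
SAMPLE_SNAPSHOTS = [
    {0x7FF600001000: ("RX", CODE), 0x1A0000: ("RW", HEAP)},       # awake
    {0x7FF600001000: ("RW", ENCRYPTED), 0x1A0000: ("RW", HEAP)},  # sleeping
    {0x7FF600001000: ("RX", CODE), 0x1A0000: ("RW", HEAP)},       # awake
    {0x7FF600001000: ("RW", ENCRYPTED), 0x1A0000: ("RW", HEAP)},  # sleeping
]

if __name__ == "__main__":
    for base, reason in flag_flipping_regions(SAMPLE_SNAPSHOTS).items():
        print(f"suspicious region at {base:#x}: {reason}")
```

Scanning only at one instant can miss the region in either phase (RX pages look like normal code, RW pages look like data), which is why the heuristic needs several snapshots spaced across the sleep interval.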


Usage

To use it, include Cronos in your project and call it like so:

#include "Cronos.h"

int main() {
    int timesToExecute = 1337;
    int seconds = 10;

    for (int i = 0; i < timesToExecute; i++) {
        // Obfuscated sleep for `seconds` seconds
        CronosSleep(seconds);

        // YOUR CODE HERE!
    }
}

Setup

To compile it you will need:

After you have all of the above, navigate to the project's directory and build it with the makefile; the EXE will be in the bin directory.

Visual Studio Setup

  • VSNASM
    • Run install_script.bat
  • Add NASMPATH environment variable
    • NASMPATH=C:\Users\<user>\AppData\Local\bin\NASM\
  • Open Visual Studio & Configure Settings
    • Tools > Options > Projects and Solutions > VC++ Project Settings > Build Customization Search Path
    • Set to %NASMPATH%;0
  • You can also install the AsmDude extension for syntax highlighting in .asm files.

Contributors

Thanks a lot to the people who contributed to this project:

Resources


Source: www.ctfiot.com/59627.html
