Giter Site home page Giter Site logo

idov31 / cronos Goto Github PK

View Code? Open in Web Editor NEW
545.0 545.0 63.0 21 MB

PoC for a sleep obfuscation technique leveraging waitable timers to evade memory scanners.

Home Page: https://idov31.github.io/2022/11/06/cronos-sleep-obfuscation.html

License: GNU General Public License v3.0

C 75.12% Makefile 3.09% Assembly 11.47% YARA 10.33%
assembly c cyber-security cybersecurity encryption evasion infosec red-team redteam windows

cronos's Introduction

Hi there! ๐Ÿ‘‹

๐Ÿ‘จ๐Ÿปโ€๐Ÿ’ป About me:

I am an experienced security researcher who has worked in various cybersecurity roles. My main interests are OS internals, reverse engineering, kernel development and exploit development. In my free time, I am working on projects regarding evasion, persistence, and injection methods for UEFI, kernel, and user mode. Based on these, I publish educational papers and presents talks to give back to the cybersecurity community.

๐Ÿ“ง Feel free to contact me via Twitter, Telegram or mail regarding any of my projects or publications.


๐Ÿ’ญ Currently working on:

  • New projects

  • New papers

  • New talks


๐ŸŒ My blog posts:


๐Ÿ—ฃ๏ธ Talks:


โš’๏ธ Programming Languages โš’๏ธ

ย ย ย  ย ย ย  ย ย ย  ย ย ย  ย ย ย  ย ย ย  ย ย ย 


๐Ÿ“Š My stats ๐Ÿ“Š


Ido's GitHub Stats

Ido's Trophies

cronos's People

Contributors

idov31 avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

robinfassinamoschiniforks cvlabsio pr0tean 0xrobert gmh5225 unleashedmen scriptidiot gavz askyeye mikethesapien rvrsh3ll beerandgin pmatoso sunnyneo jermainlaforce y11en testitok nisfan phuong39 startagain2016 ykankaya dybrkr zzhsec usama7628674 solomonsklash ratandc2 fengjixuchui xenov-x a112z 0xajstrike infinitedevelopment 5l1v3r1 clayne levlesec kalikex1 polling-repo-continua cyberflamego goodhut hirak0 shantanu561993 yeah9782 data-gami kfriitz bypasscc icodein axax002 chronoss3 peter5he1by noorahsmith ethicalsecurity-agency cpt-jack-a-castle reveng007 sodinokibi inotgreen ongyuann rnmx a7t0fwa7 darksidesfear dmitri131313 things-z thomasxm hackhubafrica

cronos's Issues

Reproduction Issues

Hello,

Bit out of scope of this repo - but I have tried to recreate this POC as a learning exercise.

However, something is causing an illegal instruction execution - I believe its because the decryption is not occurring properly.

If you would be so kind as to check my reproduction and offer guidance on the issue, it would be much appreciated.

Crash After First SleepEx With MASM

Curious why you are using NASM if you are already building this project inside of Visual Studio? I tried to convert your NASM code into MASM (it should be a direct translation):

REDACTED

I am calling it the same as your example from the C code but it is crashing after the first SleepEx. Where did you get the RSP calculations for the CONTEXT structures? How can I debug what is causing the issue after the first SleepEx?

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.