PoC for a new sleep obfuscation technique (based on Ekko) leveraging waitable timers to RC4 encrypt the current process and change the permissions from RW to RX to evade memory scanners. A more detailed explanation will be available in the blog post.
Install Cronos
VisualStudio Compiler
VSNASM
1. Run install_script.bat
2. Add the NASMPATH environment variable: NASMPATH=C:\Users\<user>\AppData\Local\bin\NASM\
3. Open Visual Studio and configure settings: Tools > Options > Projects and Solutions > VC++ Project Settings > Build Customization Search Path. Set it to %NASMPATH%;0
You can also install the AsmDude extension for syntax highlighting in .ASM files.
