Cracked5pider/Ekko

This repository has been archived on 06/Apr/2024
Stars
652
Rank 69,062 (Top 2 %)
Language
C
Created over 2 years ago
Updated 12 months ago

Cracked5pider/Ekko

Cracked5pider

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Sleep Obfuscation

Ekko

A small sleep obfuscation technique that uses CreateTimerQueueTimer Win32 API.
Proof of Concept. Can be done better.

NOTE

This implementation has known flawes.
So I wouldn't recommend using it without knowing how it works or know how to spot and fix those flaws.
TLDR: don't copy and past it into your implants.

Credit

Austin Hudson (@SecIdiot) https://suspicious.actor/2022/05/05/mdsec-nighthawk-study.html
Originally discovered by Peter Winter-Smith and used in MDSec’s Nighthawk

Stardust

A modern 64-bit position independent implant template

KaynLdr

KaynLdr is a Reflective Loader written in C/ASM

LdrLibraryEx

A small x64 library to load dll's into memory.

KaynStrike

CoffeeLdr

Beacon Object File Loader

conti_locker

Conti Locker source code

CodeCave

A bunch of scripts and code i wrote.

LsaParser

A shitty (and old) lsass parser.

eop24-26229

A firebeam plugin that exploits the CVE-2024-26229 vulnerability to perform elevation of privilege from a unprivileged user

unguard-eat

havoc kaine plugin to mitigate PAGE_GUARD protected image headers using JOP gadgets

kaine-assembly

a demo module for the kaine agent to execute and inject assembly modules

Cracked5pider

Rhaast

doesnt work and wont work on it anymore