Awesome
<h1 align="center"> <br> <img src="ekko_logo.png"> <br> Ekko </h1>A small sleep obfuscation technique that uses CreateTimerQueueTimer Win32 API. <br>
Proof of Concept. Can be done better. <br>
NOTE
This implementation has known flawes. <br> So I wouldn't recommend using it without knowing how it works or know how to spot and fix those flaws. <br> TLDR: don't copy and past it into your implants.
Credit
- Austin Hudson (@SecIdiot) https://suspicious.actor/2022/05/05/mdsec-nighthawk-study.html
- Originally discovered by Peter Winter-Smith and used in MDSec’s Nighthawk