Sleep obfuscation is a cybersecurity technique used to hide the presence of malware while it is dormant. This post explores the Ekko sleep obfuscation implementation by C5pider, explaining how to modify it to bypass the Hunt Sleeping Beacons tool. The technique involves spoofing the call stack, modifying memory permissions, and encrypting the payload, among other actions, to avoid detection. The provided examples and code snippets offer insight into how to implement and adapt these methods effectively on x64 Windows systems.

From dtsec.us
Table of contents

- Sleep Obfuscation?
- Ekko
- Hunt Sleeping Beacons
- Conclusion and other observations
- Credits
