Hunt-Sleeping-Beacons: Aims To Identify Sleeping Beacons | HackGit
Hunt-Sleeping-Beacons
Aims to identify sleeping beacons. The idea of this project is to identify beacons which are unpacked at runtime or running in the context of another process.
To do so, I make use of the observation that beacons tend to call Sleep between their callbacks. A call to Sleep sets the state of the thread to DelayExecution, which is taken as a first indicator that a thread might be executing a beacon.
After enumerating all threads whose state is DelayExecution, multiple metrics are applied to identify potential beacons.
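The first triage step described above (enumerating threads that are waiting in DelayExecution) can be reproduced with the .NET process API. This is an added example, not code from the Hunt-Sleeping-Beacons project; the function name `Get-DelayExecutionThread` and its `-Name` filter are assumptions made for illustration, and none of the project's follow-up metrics are implemented here.

```powershell
# Added example, not the project's code: list threads that are in the Wait
# state with wait reason ExecutionDelay, which is the .NET name
# (System.Diagnostics.ThreadWaitReason) for the kernel's DelayExecution.
function Get-DelayExecutionThread {
    [CmdletBinding()]
    param(
        # Hypothetical convenience filter so triage can be scoped to some processes.
        [string[]]$Name = '*'
    )

    foreach ($proc in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        try {
            # Snapshot of the process's threads; protected or already-exited
            # processes can throw here.
            $threads = @($proc.Threads)
        } catch {
            continue
        }

        foreach ($t in $threads) {
            try {
                # WaitReason is only readable while the thread is in the Wait state.
                if ($t.ThreadState -ne [System.Diagnostics.ThreadState]::Wait) { continue }
                if ($t.WaitReason -ne [System.Diagnostics.ThreadWaitReason]::ExecutionDelay) { continue }

                [pscustomobject]@{
                    ProcessName = $proc.ProcessName
                    ProcessId   = $proc.Id
                    ThreadId    = $t.Id
                    WaitReason  = $t.WaitReason
                }
            } catch {
                # The thread changed state or exited between snapshot and read.
                continue
            }
        }
    }
}

# Per-process count of sleeping threads. Many benign processes appear here,
# which is why the state is only a first indicator and further metrics follow.
Get-DelayExecutionThread |
    Group-Object ProcessName, ProcessId |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Run from an elevated prompt to cover more processes; the result is a candidate list for further inspection, not a verdict.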