Add PE security feature detection #2498

Open
wagoodman opened this issue Jan 16, 2024 · 0 comments
Labels: binary-analysis, enhancement

Comments

@wagoodman
Contributor

ELF security feature detection was added in #2443. It would be nice to also add the same kind of features for Windows (PE-formatted binaries).

Proposed features to detect:

  • DEP (data execution prevention)... though enforced from the kernel I think this is detectable from the binary's header.
  • ASLR compatibility, partially detectable with the IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE flag in the PE header (needs research).
  • CFG (control flow guard, needs research)
  • Code signing (Authenticode signature)

There may be more features to detect that I'm unaware of.

@wagoodman added the enhancement and binary-analysis labels Jan 16, 2024
@wagoodman added this to the Elevate binary artifacts milestone Feb 7, 2024
@wagoodman added this to OSS Feb 7, 2024
@wagoodman moved this to Backlog in OSS Feb 7, 2024
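
A header-only check for the four proposed features, as an added example that is not part of the original issue or the project's code. `PEFeatures`, `DetectPEFeatures` and `samplePE` are hypothetical names, the sample image is constructed, and treating stripped relocations as "no ASLR" is this example's reading of "partially detectable".

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// IMAGE_DLLCHARACTERISTICS_{DYNAMIC_BASE,NX_COMPAT,GUARD_CF}, PE/COFF specification values.
const dynamicBase, nxCompat, guardCF = 0x0040, 0x0100, 0x4000
var le = binary.LittleEndian

// PEFeatures is a hypothetical result type for this example, not the project's.
type PEFeatures struct{ DEP, ASLR, CFG, CertTable bool }

// DetectPEFeatures reads only the headers of the PE image in b.
func DetectPEFeatures(b []byte) (f PEFeatures, err error) {
	if len(b) < 0x40 || string(b[:2]) != "MZ" {
		return f, errors.New("not an MZ image")
	}
	opt := int(le.Uint32(b[0x3c:])) + 24 // e_lfanew + PE signature + COFF header
	if opt < 24 || opt+72 > len(b) || string(b[opt-24:opt-20]) != "PE\x00\x00" {
		return f, errors.New("missing PE signature or truncated header")
	}
	// Data directories start 96 bytes into a PE32 optional header, 112 in PE32+.
	off, ok := map[uint16]int{0x10b: 96, 0x20b: 112}[le.Uint16(b[opt:])]
	if !ok {
		return f, errors.New("unknown optional header magic")
	}
	dc, dirs := le.Uint16(b[opt+70:]), opt+off // dc = DllCharacteristics
	f.DEP, f.CFG = dc&nxCompat != 0, dc&guardCF != 0
	f.ASLR = dc&dynamicBase != 0 && le.Uint16(b[opt-2:])&1 == 0 // and IMAGE_FILE_RELOCS_STRIPPED clear
	// Directory 4 is the certificate table: non-empty means a signature is embedded, not valid.
	f.CertTable = dirs+40 <= len(b) && le.Uint32(b[dirs-4:]) > 4 && le.Uint32(b[dirs+36:]) != 0
	return f, nil
}

// samplePE returns a constructed, header-only PE32+ image (not a real binary).
func samplePE(dllChar uint16, certSize uint32) []byte {
	b := make([]byte, 0x58+112+40)
	copy(b, "MZ")
	copy(b[0x3c:], "\x40\x00\x00\x00PE\x00\x00") // e_lfanew = 0x40, then the PE signature
	le.PutUint16(b[0x58:], 0x20b)                // optional header magic (PE32+)
	le.PutUint16(b[0x58+70:], dllChar)           // DllCharacteristics
	le.PutUint32(b[0x58+108:], 16)               // NumberOfRvaAndSizes
	le.PutUint32(b[0x58+148:], certSize)         // size field of data directory 4
	return b
}

func main() { fmt.Println(DetectPEFeatures(samplePE(nxCompat|dynamicBase|guardCF, 0))) }
```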