Will Dormann Jan 22
Are there any tools to auto-enumerate any running processes in Windows that don't leverage ASLR themselves, or have libraries loaded that don't leverage ASLR? Sort of like what's outlined at but without requiring any user interaction.
Will Dormann
Since this doesn't seem to be a thing, I've created a rudimentary Python script that does it. Seems useful. Note: For now it requires both Sysinternals ListDLLs and Microsoft dumpbin.exe
Will Dormann Jan 22
Replying to @DidierStevens
I would love to see a "wall of shame" to call out vendors/applications that aren't ASLR compliant. Anybody who runs this script on a real-world system would be able to help contribute!
Will Dormann Jan 24
Replying to @DidierStevens @RonnyTNL @__adh__
Based on suggestions from and I've updated No longer requires dumpbin.exe or listdlls.exe (if Python pefile and psutil are available). Also exports the findings as a CSV. Any reported app is a good candidate for EMET or WDEG force ASLR!
Ronny Jan 22
Replying to @wdormann @DidierStevens
have fun gathering, printer drivers, print accounting sw, bundled audio/cam/whatevs software on machines, it's a nightmare.
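An added example, not Will Dormann's script and not code from this thread: a standard-library Python check of the PE header flags that decide whether a module opts in to ASLR, which is the per-file test a scanner like the one described above has to make. The function names, status labels and header-only sample bytes are constructed for illustration.

```python
import struct

DYNAMIC_BASE = 0x0040      # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
HIGH_ENTROPY_VA = 0x0020   # IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
RELOCS_STRIPPED = 0x0001   # IMAGE_FILE_RELOCS_STRIPPED (COFF Characteristics)

def aslr_status(image: bytes) -> str:
    """Classify a PE image by its ASLR-related header flags (labels are illustrative)."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        return "not-pe"
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)      # e_lfanew
    if len(image) < pe_off + 24 + 72 or image[pe_off:pe_off + 4] != b"PE\0\0":
        return "not-pe"
    (characteristics,) = struct.unpack_from("<H", image, pe_off + 22)
    (magic,) = struct.unpack_from("<H", image, pe_off + 24)
    if magic not in (0x10B, 0x20B):                        # PE32 / PE32+
        return "not-pe"
    # DllCharacteristics sits 70 bytes into the optional header for PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", image, pe_off + 24 + 70)
    if not dll_chars & DYNAMIC_BASE:
        return "no-aslr"
    if characteristics & RELOCS_STRIPPED:
        # Flag is set, but without relocation data the image cannot be rebased.
        return "aslr-flag-but-relocs-stripped"
    if magic == 0x20B and not dll_chars & HIGH_ENTROPY_VA:
        return "aslr-low-entropy"
    return "aslr"

def sample_pe(magic: int, dll_chars: int, characteristics: int = 0x0002) -> bytes:
    """Constructed header-only PE stub for the demo (not a loadable binary)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0xF0, characteristics)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:   # e.g. module paths gathered from running processes
        with open(path, "rb") as fh:
            print(aslr_status(fh.read(4096)), path)
```

Modules reported as `no-aslr` are the ones the thread suggests as candidates for forced ASLR via EMET or WDEG.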