secrary / AppSecurityLimits

AppSecurityLimits - Allows Executables To Define Security Limits

AppSecurityLimits

IDEA:

Define security-related limits for an executable and embed them into the application. EDR/AV products are responsible for retrieving the data at execution time and restricting the application's behavior based on those limits.

The tool aims to limit exploit capabilities.

whoami: @_qaz_qaz

Implementation

Developer's role:

Run AppSecurityLimits.exe with the path of an executable and the location of the JSON file. The tool creates an .appsec section in the executable and inserts the JSON config file into that section.

EDR/AV's role:

If an executable contains an .appsec section and its magic string is .appseclimits_, extract the JSON content from the section and control the application's behavior accordingly.

For example, if the JSON content contains the following field: { ... "remote_process_access" : false, ... } then an EDR/AV product should deny calls like WriteRemoteProcess, since the application developer has declared that the application is not intended to use them.
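
A sketch of the EDR/AV-side extraction described above, added here as an example and not taken from the AppSecurityLimits code. It assumes the section's raw data is the magic string followed directly by the JSON text with NUL padding, and that a missing field means "unrestricted"; read_limits, allows and build_sample are hypothetical names, and the sample file is constructed in memory.

```python
import json
import struct

SECTION = b".appsec"          # section name given on the page
MAGIC = b".appseclimits_"     # magic string given on the page

def read_limits(pe: bytes):
    """Return the limits dict, None if the file carries none, or raise
    ValueError when the magic matches but the JSON behind it is unusable."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        return None
    (nt,) = struct.unpack_from("<I", pe, 0x3C)            # e_lfanew
    if nt + 24 > len(pe) or pe[nt:nt + 4] != b"PE\0\0":
        return None
    (nsec,) = struct.unpack_from("<H", pe, nt + 6)        # NumberOfSections
    (opt,) = struct.unpack_from("<H", pe, nt + 20)        # SizeOfOptionalHeader
    for off in range(nt + 24 + opt, nt + 24 + opt + 40 * nsec, 40):
        if off + 40 > len(pe):
            return None
        if pe[off:off + 8].rstrip(b"\0") != SECTION:
            continue
        size, ptr = struct.unpack_from("<II", pe, off + 16)  # raw size, raw offset
        data = pe[ptr:ptr + size]
        if not data.startswith(MAGIC):
            return None
        limits = json.loads(data[len(MAGIC):].rstrip(b"\0"))  # ValueError if bad
        if not isinstance(limits, dict):
            raise ValueError(".appsec payload is not a JSON object")
        return limits
    return None

def allows(limits, capability: str) -> bool:
    """Assumed policy: deny only when the developer set the field to false."""
    return limits is None or limits.get(capability) is not False

def build_sample(payload: bytes) -> bytes:
    """Constructed test input: bare PE headers plus a single .appsec section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)       # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0, 0x2)
    hdr = SECTION.ljust(8, b"\0") + struct.pack("<IIII", len(payload), 0x1000,
                                                len(payload), 128) + b"\0" * 16
    return dos + coff + hdr + payload

if __name__ == "__main__":
    sample = build_sample(MAGIC + b'{"remote_process_access": false}\0\0\0\0')
    limits = read_limits(sample)
    print(limits, allows(limits, "remote_process_access"))
```

Raising on a section that has the right magic but unparseable JSON lets the caller treat a damaged or tampered config differently from a file that never declared limits.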

Third-party

About

License: Apache License 2.0

Languages: C++ 88.9%, Python 5.8%, C 4.9%, CMake 0.4%, Makefile 0.0%