AutomatedLabCore

Problem

Data Execution Prevention (DEP/NX) is a vulnerability mitigation option that prevents data from being interpreted as code anywhere within the application. This mitigation protects the application stack, heap and other memory data ranges. Executable files that fail to implement this mitigation expose the user to increased risks of malicious code injection.

Problem

Protection from integer-based memory allocation overflow attacks is a vulnerability mitigation implemented by the programming language compiler. It enables enforcement of memory allocation limits during code execution. This is achieved by instrumenting each memory allocation instance (through the programming language keyword 'new') and validating its parameters. Should an application try to allocate a maximum number of elements via a single call to 'new', the execution will be terminated. This vulnerability mitigation is designed to protect against resource exhaustion and improper handling of memory allocation failures.

Problem

Software components sometimes need to interact with higher privilege parts of the operating system, often requiring administrative access to accomplish a task. System security settings are the first line of defense against the most common attack vectors. For that reason, attackers often aim to tamper with system security settings. Disabling User Access Controls (UAC) and other security settings enables malicious code to execute without being blocked. While the presence of code that tampers with system security settings does not necessarily imply malicious intent, all of its uses in a software package should be documented and approved. Only select applications should consider using functions that interact with system security settings. One example of acceptable use for such functions is allowing specialized applications to install as services that monitor the operating system events.

Problem

Software components sometimes need to interact with higher privilege parts of the operating system, often requiring administrative access to accomplish a task. Operating systems integrate first and third-party security solutions that can detect and block malicious code. For that reason, attackers often aim to tamper with system security software. Changing antivirus and other security software service settings may enable malicious code to execute without being blocked. While the presence of code that tampers with system security software does not necessarily imply malicious intent, all of its uses in a software package should be documented and approved. Only select applications should consider using functions that can temporarily disable system security features. One example of acceptable use for such functions is allowing specialized applications to modify protected folders and settings.

Problem

Uniform Resource Locators (URLs) are structured addresses that point to locations and assets on the internet. URLs allow software developers to build complex applications that exchange data with servers that can be hosted in multiple geographical regions. URLs can commonly be found embedded in documentation, configuration files, source code and compiled binaries. One or more embedded URLs were discovered to link to raw files hosted on GitHub. Attackers often abuse popular web services to host malicious payloads. Since code-sharing services URLs are typically allowed by security solutions, using them for payload delivery increases the odds that the malicious code will reach the user. While the presence of code-sharing service locations does not imply malicious intent, all of their uses in a software package should be documented and approved. An increasing number of software supply chain attacks in the open source space leverages the GitHub service to deliver malicious payloads.