PowerNets

Popularity

809

Total Downloads

Contributors

Declared Dependencies

Dependents

Top issues

See all issues

SQ14102

Detected Windows executable files that do not implement the DEP vulnerability mitigation protection.

Causes risk: baseline mitigations missing

hardening

Problem

Data Execution Prevention (DEP/NX) is a vulnerability mitigation option that prevents data from being interpreted as code anywhere within the application. This mitigation protects the application stack, heap and other memory data ranges. Executable files that fail to implement this mitigation expose the user to increased risks of malicious code injection.

Prevalence in PowerShell Gallery community

No prevalence information at this time

Next steps

It's highly recommended to enable this option for all software components used at security boundaries, or those that process user controlled inputs.

To enable this mitigation, refer to your programming language linker documentation.

In Microsoft VisualStudio, you can enable DEP mitigation by setting the linker option /NXCOMPAT to ON.

TH30112

Detected presence of software components without a declared source code repository.

hunting

Problem

Software developers use programming and design knowledge to build reusable software components. Software components are the basic building blocks for modern applications. Software consumed by an enterprise consists of hundreds, and sometimes even thousands of open source components. Open source communities depend on the work of thousands of software developers that volunteer their time to maintain software components. Software developers build up the reputation of their open source projects by developing in public. Modern source code repositories have many social features that allow software developers to handle bug reports, have discussions with their users, and convey reaching significant project milestones. It is uncommon to find open source projects that omit linking their component to a publicly accessible source code repository.

Prevalence in PowerShell Gallery community

No prevalence information at this time

Next steps

Check the software component behaviors for anomalies.

Consider exploratory software component testing within a sandbox environment.

Consider replacing the software component with a more widely used alternative.

Avoid using this software package until it is vetted as safe.

SQ14108

Detected Windows executable files that rely on the ineffective ASLR vulnerability mitigation enforcement option.

Causes risk: reduced effectiveness mitigations

hardening

Problem

Address Space Layout Randomization (ASLR) is a vulnerability mitigation option that forces software components to load on a different memory base address each time they are used. This makes the memory layout unpredictable, and it is therefore harder for malicious code to be reliably injected during application runtime. Although enabling ASLR is an opt-in setting during program linking, some operating system configurations can still enforce its use if the vulnerability mitigation requirements are met. This is possible even if the application hasn't been explicitly marked as ASLR-compatible. While this generally improves security posture, the limitation of ASLR enforcement is that the application load addresses are not truly randomized. In most cases, the application load base is different than the default, but it remains the same for the entire duration of device uptime.

Prevalence in PowerShell Gallery community

No prevalence information at this time

Next steps

In Microsoft VisualStudio, you should explicitly enable ASLR mitigation by setting the linker option /DYNAMICBASE to ON.

Top behaviors

See all behaviors

Interacts with Microsoft .NET Framework code, types and assemblies.

execution