vscode-pets

Problem

ASLR (address-space layout randomization) is a mitigation technique that increases the difficulty of performing buffer-overflow attacks that require the attacker to know the address of the program in memory. This is done by loading the program at a randomly selected address in the process' address space. ASLR-enabled kernels can choose a random load address only for position-independent executables and code.

Problem

On Linux, external symbols are resolved via the procedure linkage table (PLT) and the global offset table (GOT). Without any protection, both are writable at runtime and thus leave the executable vulnerable to pointer hijacking - an attack where the function address is overwritten with an address of a malicious function. Pointer hijacking can be mitigated by using full read-only relocations, which instruct the compiler to unify global offset tables into a single read-only table. This requires that all external function symbols are resolved at load-time instead of during execution, and may increase loading time for large programs.

Problem

Proprietary ReversingLabs analysis engine supports a wide range of commonly used archive and software packaging formats. Using automated static file decomposition technologies, the engine recursively analyzes complex software packages. Software analysis is typically conducted in multiple steps. Content identification, unpacking, validation, and classification are some of the steps performed on each analyzed file. The analysis engine may sometimes identify archive or software packaging formats that are not supported for deep file inspection or unpacking. This issue is reported for files that might contain additional software components that were not listed in the Software Bill of Materials (SBOM) due to lack of packaging format support. File reputation lookup and surface level analysis are still performed for all unsupported file formats. Therefore, some files might get detected as malicious even though they are packaged in an unsupported format.