AppSecurityLimits
AppSecurityLimits - Allows Executables To Define Security Limits
Source: @secrary/AppSecurityLimits (README)
IDEA:
Define security-related limits for an executable and embed them into the application. EDR/AV products are responsible for retrieving the data at execution time and restricting the application's behavior based on those limits.
The tool aims to limit exploit capabilities.
whoami: @_qaz_qaz
Implementation
Developer's role:
Run AppSecurityLimits.exe with the path of an executable and the location of the JSON file.
The tool creates an .appsec section in the executable and inserts the JSON config file into that section.

EDR/AV's role:
If an executable contains an .appsec section and the magic string is .appseclimits_, then extract the JSON content from the section and control the application's behavior accordingly.

For example, if the JSON content contains the following field:
{ ... "remote_process_access" : false, ... }
then an EDR/AV product should deny calls like WriteRemoteProcess, since according to the application developer it is not intended to be used.
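
A sketch of the EDR/AV-side lookup described above, added here as an example and not taken from the AppSecurityLimits code base. It assumes the section's raw data is the magic string followed directly by the JSON text and that a missing key means no limit was declared; the helper names and the sample image are constructed for illustration.

```python
import json
import struct

MAGIC = b".appseclimits_"   # magic string named on the page
SECTION = b".appsec"        # section name named on the page

def extract_limits(pe: bytes):
    """Return the embedded limits as a dict, or None if none can be trusted."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        return None
    (nt,) = struct.unpack_from("<I", pe, 0x3C)            # e_lfanew
    if nt + 24 > len(pe) or pe[nt:nt + 4] != b"PE\0\0":
        return None
    (nsec,) = struct.unpack_from("<H", pe, nt + 6)        # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, nt + 20)   # SizeOfOptionalHeader
    table = nt + 24 + opt_size
    for i in range(nsec):
        hdr = table + 40 * i
        if hdr + 40 > len(pe):                            # truncated section table
            return None
        name = pe[hdr:hdr + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)
        if name != SECTION:
            continue
        data = pe[raw_ptr:raw_ptr + raw_size]
        if raw_ptr + raw_size > len(pe) or not data.startswith(MAGIC):
            return None
        try:  # strip the file-alignment padding before parsing (assumed layout)
            cfg = json.loads(data[len(MAGIC):].rstrip(b"\0").decode("utf-8"))
        except ValueError:                                # bad UTF-8 or bad JSON
            return None
        return cfg if isinstance(cfg, dict) else None
    return None

def is_denied(limits, capability):
    """Deny only when the developer explicitly set the field to false (assumption)."""
    return limits is not None and limits.get(capability) is False

def build_sample(payload: bytes) -> bytes:
    """Constructed minimal PE-like image: DOS stub, COFF header, one .appsec section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0, 0x22)
    raw = payload.ljust(0x200, b"\0")                     # pad to file alignment
    sec = SECTION.ljust(8, b"\0") + struct.pack("<IIII", len(payload), 0x1000, len(raw), 0x200)
    sec += b"\0" * 12 + struct.pack("<I", 0x40000040)     # initialized data, readable
    return (dos + coff + sec).ljust(0x200, b"\0") + raw
```

A section that is present but lacks the magic string, or whose JSON does not parse, is treated here as carrying no declared limits; whether a product should instead flag such a file is a policy choice the page does not specify.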

Third-party
- LIEF (Apache License 2.0)
- nlohmann/json (MIT License)
