top | item 13273202

(no title)

Assuming the program has no vulnerabilities, these will do nothing. They are mitigations for memory corruption vulns, such as buffer overflows and use-after-frees. Sanitizing inputs doesn't really help for some of these.

These mitigations are "free" to add to programs in the sense that they are just compiler flags. Usually the reason these aren't being used is because the build process for a tool is really old and isn't using the latest version of Visual Studio or some other compiler. Some examples of this are Google Drive, which is still compiled with Visual Studio 2008, or 7-zip which seems to use VS 2005.

discuss

awinter-py|9 years ago

Cool. Are there other tools on your list to check a binary executable?

scottpiper|9 years ago

For static analysis to check for best practices, there aren't any free tools that come to mind that give you easily digestible info without usually doing some manual reversing and a lot of extra knowledge. HBGary once created a tool called FingerPrint that provided some of this extra info but that tool disappeared. I extracted out a lot of what it does into YARA signatures: http://0xdabbad00.com/2011/01/09/fingerprinting-using-yara/

The original purpose of HBGary's tool was for fingerprinting malware, but what it really was doing was just extracting out info from malware author's build environments that could be learned from the executables they created.

Other things you would want to check for though are: - Are the executables code signed? - When run, look in ProcessExplorer (for Windows) to see if it runs with DEP/ASLR/CFG/x64 and ensure every DLL it loads has ASLR and CFG. - Run with wireshark on and ensure any network traffic is HTTPS.

There are thousands of ways for all these checks to give incorrect information with regard to whether the developers follow best practices or not, but if you do enough steps they'll add up to a decently accurate understanding.