PESTO is a Python script that searches a whole directory tree for PE binaries, extracts a set of security characteristics (flags) from each one and saves the results in a database. It reads the architecture field in the header and checks the following security flags: ASLR, NO_SEH, DEP and CFG. The code is clear enough to adapt the flags and output formats to your own needs. More details and an explanation of each flag are here: https://www.slideshare.net/elevenpaths/anlisis-del-nivel-proteccin-antiexploit-en-windows-10

Functionality

The script just needs a path and a tag. It walks the path and its subdirectories looking for .DLL and .EXE files and extracts the flags from the PE header (thanks to the pefile Python library). The tag is used as a suffix for the log and database filenames, so several analyses can be run over the same directory.

The information provided by the script is:

- Percentage of .DLL and .EXE files with i386, AMD64, IA64 or other architecture.
- Percentage of ASLR, NO_SEH, DEP and CFG flags enabled or disabled in the headers.

After finishing the analysis it prompts to export the results in SQL or CSV format. It also creates a .db file, an SQLite database with the collected information.

Related tools

- https://github.com/olliencc/WinBinaryAudit
- https://blog.netspi.com/verifying-aslr-dep-and-safeseh-with-powershell/
- https://github.com/angelorighi/pescheck/blob/master/pescheck.py
…
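The header walk PESTO performs, as an added example that is not the project's code: a stdlib-only parser (no pefile) that reads the COFF Machine field and the DllCharacteristics bits behind ASLR, DEP, NO_SEH and CFG, walks a directory tree for .exe/.dll files as the script does, and computes the same percentages. build_sample_pe constructs a minimal in-memory image (an assumption for testing, not a real binary) so the code runs without Windows binaries on disk.

```python
import os
import struct
from collections import Counter
# PE optional-header DllCharacteristics bits: DYNAMIC_BASE, NX_COMPAT, NO_SEH, GUARD_CF
DLL_FLAGS = {"ASLR": 0x0040, "DEP": 0x0100, "NO_SEH": 0x0400, "CFG": 0x4000}
MACHINES = {0x014C: "i386", 0x8664: "AMD64", 0x0200: "IA64"}  # COFF Machine values

def parse_pe(data):
    """Return {'arch': ..., 'ASLR': bool, ...} for one PE image, or None if it is not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew: offset of "PE\0\0"
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    machine, opt_size = struct.unpack_from("<H14xH", data, pe_off + 4)  # Machine, SizeOfOptionalHeader
    if opt_size < 72 or len(data) < pe_off + 96:  # DllCharacteristics is at +70 in PE32 and PE32+
        return None
    dll_chars = struct.unpack_from("<H", data, pe_off + 24 + 70)[0]
    info = {"arch": MACHINES.get(machine, "other")}
    info.update({name: bool(dll_chars & bit) for name, bit in DLL_FLAGS.items()})
    return info

def scan_directory(path):
    """Walk path and its subdirectories like PESTO and parse every .exe/.dll found."""
    results = []
    for root, _dirs, files in os.walk(path):
        for name in files:
            if name.lower().endswith((".exe", ".dll")):
                full = os.path.join(root, name)
                with open(full, "rb") as fh:
                    info = parse_pe(fh.read())
                if info:
                    results.append(dict(info, path=full))
    return results

def summarize(results):
    """Percentages of each architecture and of each flag enabled, as PESTO reports them."""
    pct = lambda n: 100.0 * n / len(results)
    stats = {"arch": {a: pct(n) for a, n in Counter(r["arch"] for r in results).items()}}
    stats.update({flag: pct(sum(r[flag] for r in results)) for flag in DLL_FLAGS})
    return stats

def build_sample_pe(machine, dll_chars):
    """Constructed minimal image for testing (not a real binary): DOS header, signature, COFF, optional header."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                 # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 96, 0x0002)  # SizeOfOptionalHeader = 96
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x20B if machine == 0x8664 else 0x10B)  # PE32+ / PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)
```

Point scan_directory at a folder of binaries and pass its result to summarize to get the same per-architecture and per-flag percentages the script prints; note that NO_SEH is a header bit and is not the same as SafeSEH, which needs the load-config table.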
Posted by govanguard, 2019-10-31 17:56: PESTO - PE (files) Statistical Tool