DEP and ASLR Identification
May 5, 2008
I’ve learned recently that good security testing is all too often a shadow of a larger skillset - good debugging knowledge. Because of this I’ve been following many more of the blogs of individuals on the Windows debugging and advanced troubleshooting teams and learning more about the tools they use to peer deeply into applications and systems.
Two of the programs which come up often in their troubleshooting are WinDBG and Process Explorer. Having used each extensively over the last few months, I noticed a cool new (to me at least) feature in Process Explorer tonight and thought I would share it: the DEP and ASLR status tags.
To enable the identification tabs, right-click on the column headings in the main window. This brings up a menu which allows you to select the appropriate tags…
Now you can quickly identify running programs having these features enabled. This is very similar to the information from David Maynor’s LookingGlass utility (whose link seems to come and go in my bookmarks).
I prefer to have fewer applications that are more universally powerful than having to download a hundred different software utilities, each with specialized tasks, but YMMV.



