winchecksec icon indicating copy to clipboard operation
winchecksec copied to clipboard

Published 20 hours ago verified publisher icon trailofbits

Add a running process analysis mode

Open woodruffw opened this issue 4 years ago • 1 comments

Not all Windows security features/mitigations can be detected statically; it'd be nice to have a -p PID or similar flag that allows a running process to be audited via GetProcessMitigationPolicy and other calls.

woodruffw avatar Nov 15 '19 10:11 woodruffw

Similarly, maybe a -c cmd mode to spawn a process for auditing.

woodruffw avatar Nov 15 '19 10:11 woodruffw