winchecksec
winchecksec copied to clipboard
Add a running process analysis mode
Not all Windows security features/mitigations can be detected statically; it'd be nice to have a -p PID
or similar flag that allows a running process to be audited via GetProcessMitigationPolicy
and other calls.
Similarly, maybe a -c cmd
mode to spawn a process for auditing.