implementing-memory-protection-with-dep-aslr


Implements memory protection mechanisms including DEP (Data Execution Prevention), ASLR (Address Space Layout Randomization), CFG (Control Flow Guard), and other exploit mitigations to prevent memory corruption attacks. Use when hardening endpoints against buffer overflow exploits, ROP chains, and code injection. Activates for requests involving memory protection, exploit mitigation, DEP, ASLR, or CFG configuration.

AI & Automation 12,642 stars 1468 forks Updated today Apache-2.0


Skill Content

# Implementing Memory Protection with DEP and ASLR

## When to Use

Use this skill when hardening endpoints against memory-based exploits by configuring DEP, ASLR, CFG, and Windows Exploit Protection system-wide and per-application mitigations.

## Prerequisites

- Windows 10/11 or Windows Server 2016+ with administrative privileges
- Group Policy management access for enterprise-wide deployment
- Understanding of memory corruption attack techniques (buffer overflow, ROP chains)
- Test environment for validating application compatibility with exploit mitigations

## Workflow

### Step 1: Configure System-Level Mitigations

```powershell
# Enable system-wide DEP (Data Execution Prevention)
# Boot configuration: OptIn (default), OptOut (recommended), AlwaysOn
bcdedit /set nx AlwaysOn

# Verify ASLR status (enabled by default on modern Windows)
Get-ProcessMitigation -System
# MandatoryASLR, BottomUpASLR, HighEntropyASLR should be ON

# Enable all system-level mitigations
Set-ProcessMitigation -System -Enable DEP,SEHOP,ForceRelocateImages,BottomUp,HighEntropy
```

### Step 2: Configure Per-Application Mitigations

```powershell
# Harden high-risk applications (browsers, Office, PDF readers)
Set-ProcessMitigation -Name "WINWORD.EXE" -Enable DEP,SEHOP,ForceRelocateImages,CFG,StrictHandle
Set-ProcessMitigation -Name "EXCEL.EXE" -Enable DEP,SEHOP,ForceRelocateImages,CFG,StrictHandle
Set-ProcessMitigation -Name "AcroRd32.exe" -Enable DEP,SEHOP,ForceRelocateImages,CFG
Set-ProcessMitiga...
```

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0
