PE security
winchecksec
Static inspection of Windows binaries for mitigations like DEP, ASLR, and code integrity.
Best for
Quickly checking whether release artifacts actually picked up the hardening you expect.
Surface
PE security
Catalog group
Inspect operating systems and endpoint surfaces
Repository
trailofbits/winchecksec
From the README
winchecksec
===========

winchecksec performs static detection of common Windows security features.

The following security features are currently detected:

winchecksec depends on pe-parse and uthenticode, which can be installed via vcpkg:

NOTE: On Windows, vcpkg defaults to 32-bit builds.
Related tools · Inspect operating systems and endpoint surfaces
- Linuxevents: eBPF-based monitoring without shipping kernel headers or a stack of environment-specific bytecode artifacts.
- ebpfpub: Monitors system and library calls across multiple kernel versions with minimal runtime dependencies.
- ebpf-verifier: Research prototype for running the eBPF verifier outside the live kernel to make cross-version testing practical.
- pe-parse: Minimal, security-focused parser for Portable Executable files built to survive malicious or malformed inputs.
- osquery-extensions: Collection of Trail of Bits extensions that expand what osquery can inspect and expose.