PESecurity - A powershell script to check windows binaries compilations

PESecurity is a powershell script that checks if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, Authenticode, Control Flow Guard, and HighEntropyVA.

Installation

Download from: https://github.com/NetSPI/PESecurity.

Usage

# To execute Get-PESecurity, first import the module
Import-Module .\Get-PESecurity.psm1

# Check a single file
Get-PESecurity -file C:\Windows\System32\kernel32.dll

# Check a directory for DLLs & EXEs
Get-PESecurity -directory C:\Windows\System32\

# Check a directory for DLLs & EXEs recrusively
Get-PESecurity -directory C:\Windows\System32\ -recursive

# Export results as a CSV
Get-PESecurity -directory C:\Windows\System32\ -recursive | Export-CSV file.csv

# Show results in a table
Get-PESecurity -directory C:\Windows\System32\ -recursive | Format-Table

# Show results in a table and sort by a column
Get-PESecurity -directory C:\Windows\System32\ -recursive | Format-Table | sort ASLR

Last update: 2023-11-28
Created: March 27, 2023 14:09:07