Documentation
Configuration
Remote Code Policy

Remote Code Policy Configuration

The remote code policy configuration is used to specify the remote code policy options for Avaritia stub.

Please note that the "remote" in this documentation means the code that is being executed from or via the external process, not the remote code execution vulnerability.

Deny the Unsigned Remote Code

This option allows you to specify whether or not to deny the remote code that is not digitally signed with the verified well-known certificate authority.

When this option is enabled, Avaritia stub will deny the remote code that is unsigned.

  • Default: false
config.json
{
  "remote_code_policy": {
    "deny_unsigned": false
  }
}

Deny the RWX Remote Code

This option allows you to specify whether or not to deny if an segment with the read-write-execute permission is detected in the remote code being loaded.

When this option is enabled, Avaritia stub will deny the remote code that is marked as read-write-execute.

  • Default: false
config.json
{
  "remote_code_policy": {
    "deny_rwx": false
  }
}

Deny the WindowHook

This feature is currently under development.

This option allows you to specify whether or not to always deny the remote code that is being loaded via window hook regardless of other options.

When this option is enabled, Avaritia stub will always deny the remote code that is being loaded via window hook.

  • Default: false
config.json
{
  "remote_code_policy": {
    "deny_window_hook": false
  }
}

Allow by Subject Certificate Thumbprint

This feature is currently under development.

This option allows you to specify the SHA-1 thumbprint of the subject certificate that is allowed to execute the remote code. This option completely bypasses the certificate chain verification and trusted roots.

When this option is enabled, Avaritia stub will allow the certificate of remote code that matches the SHA-1 specified thumbprint.

  • Default: []
config.json
{
  "remote_code_policy": {
    "allow_subject_certificate_thumbprint_sha1": [
      "20ac808bd5e004053bda37ad0d751dc33a4f8b4b"
    ]
  }
}
© 2024-present SECTOR 501 LLC. All rights reserved.
Buildbff736e