Remote Code Policy Configuration
The remote code policy configuration specifies the remote code policy options for the Avaritia stub.
Please note that "remote" in this documentation refers to code that is executed from or via an external process, not to a remote code execution vulnerability.
Deny the Unsigned Remote Code
This option specifies whether to deny remote code that is not digitally signed with a verified, well-known certificate authority.
When this option is enabled, the Avaritia stub denies remote code that is unsigned.
- Default: false

{
  "remote_code_policy": {
    "deny_unsigned": false
  }
}
Deny the RWX Remote Code
This option specifies whether to deny remote code when a segment with read-write-execute permission is detected in the code being loaded.
When this option is enabled, the Avaritia stub denies remote code that is marked as read-write-execute.
- Default: false

{
  "remote_code_policy": {
    "deny_rwx": false
  }
}
Deny the WindowHook
This feature is currently under development.
This option specifies whether to always deny remote code that is loaded via a window hook, regardless of other options.
When this option is enabled, the Avaritia stub always denies remote code that is loaded via a window hook.
- Default: false

{
  "remote_code_policy": {
    "deny_window_hook": false
  }
}
Allow by Subject Certificate Thumbprint
This feature is currently under development.
This option specifies the SHA-1 thumbprints of the subject certificates that are allowed to execute remote code. This option completely bypasses the certificate chain verification and trusted roots.
When this option is set, the Avaritia stub allows remote code whose certificate matches a specified SHA-1 thumbprint.
- Default: []

{
  "remote_code_policy": {
    "allow_subject_certificate_thumbprint_sha1": [
      "20ac808bd5e004053bda37ad0d751dc33a4f8b4b"
    ]
  }
}
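
An added example, not part of the Avaritia documentation or code: a small Python check that audits a `remote_code_policy` document against the four options described on this page before it is deployed. It assumes thumbprints are written as 40 hexadecimal characters, as in the sample above, and that a key not listed on this page is a mistake; the function name and the sample input are constructed for illustration.

```python
import json
import re

# Boolean options documented on this page; each defaults to false.
BOOL_OPTIONS = ("deny_unsigned", "deny_rwx", "deny_window_hook")
THUMBPRINT_KEY = "allow_subject_certificate_thumbprint_sha1"
# Assumption: thumbprints are 40 hex characters, as in the page's sample.
SHA1_HEX = re.compile(r"[0-9a-fA-F]{40}")


def audit_remote_code_policy(config_text):
    """Return (severity, message) findings for one configuration document."""
    doc = json.loads(config_text)
    policy = doc.get("remote_code_policy", {}) if isinstance(doc, dict) else None
    if not isinstance(policy, dict):
        return [("error", "remote_code_policy must be a JSON object")]
    findings = []
    # Assumption: an unrecognised key is a typo that leaves the default in place.
    for key in policy:
        if key not in BOOL_OPTIONS and key != THUMBPRINT_KEY:
            findings.append(("warn", f"{key}: not an option documented here"))
    for key in BOOL_OPTIONS:
        value = policy.get(key, False)  # documented default
        if not isinstance(value, bool):
            findings.append(("error", f"{key}: expected true/false, got {value!r}"))
        elif not value:
            findings.append(("info", f"{key}: false, this denial is not enforced"))
    thumbprints = policy.get(THUMBPRINT_KEY, [])
    if not isinstance(thumbprints, list):
        return findings + [("error", f"{THUMBPRINT_KEY}: expected a list")]
    valid = 0
    for tp in thumbprints:
        if isinstance(tp, str) and SHA1_HEX.fullmatch(tp):
            valid += 1
        else:
            findings.append(("error", f"{THUMBPRINT_KEY}: {tp!r} is not a SHA-1 hex string"))
    if valid:
        # Per the page, listed thumbprints bypass chain verification and trusted roots.
        findings.append(("warn", f"{valid} thumbprint(s) bypass chain verification"))
    return findings


# Constructed sample: misspelled key, string instead of boolean, short thumbprint.
SAMPLE = """{"remote_code_policy": {"deny_unsinged": true, "deny_rwx": "true",
  "allow_subject_certificate_thumbprint_sha1":
    ["20ac808bd5e004053bda37ad0d751dc33a4f8b4b", "20AC808B"]}}"""

if __name__ == "__main__":
    for severity, message in audit_remote_code_policy(SAMPLE):
        print(f"{severity:5} {message}")
```

On the constructed sample, the misspelled `deny_unsinged` key is reported alongside an informational finding that `deny_unsigned` is still at its default of false, which is the failure a reviewer would otherwise miss.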