implementing-memory-protection-with-dep-aslr
Implements memory protection mechanisms including DEP (Data Execution Prevention), ASLR (Address Space Layout Randomization), CFG (Control Flow Guard), and other exploit mitigations to prevent memory corruption attacks. Use when hardening endpoints against buffer overflow exploits, ROP chains, and code injection. Activates for requests involving memory protection, exploit mitigation, DEP, ASLR, or CFG configuration.
Best use case
implementing-memory-protection-with-dep-aslr is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Implements memory protection mechanisms including DEP (Data Execution Prevention), ASLR (Address Space Layout Randomization), CFG (Control Flow Guard), and other exploit mitigations to prevent memory corruption attacks. Use when hardening endpoints against buffer overflow exploits, ROP chains, and code injection. Activates for requests involving memory protection, exploit mitigation, DEP, ASLR, or CFG configuration.
Teams using implementing-memory-protection-with-dep-aslr should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/implementing-memory-protection-with-dep-aslr/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How implementing-memory-protection-with-dep-aslr Compares
| Feature / Agent | implementing-memory-protection-with-dep-aslr | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Implements memory protection mechanisms including DEP (Data Execution Prevention), ASLR (Address Space Layout Randomization), CFG (Control Flow Guard), and other exploit mitigations to prevent memory corruption attacks. Use when hardening endpoints against buffer overflow exploits, ROP chains, and code injection. Activates for requests involving memory protection, exploit mitigation, DEP, ASLR, or CFG configuration.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
ChatGPT vs Claude for Agent Skills
Compare ChatGPT and Claude for AI agent skills across coding, writing, research, and reusable workflow execution.
SKILL.md Source
# Implementing Memory Protection with DEP and ASLR ## When to Use Use this skill when hardening endpoints against memory-based exploits by configuring DEP, ASLR, CFG, and Windows Exploit Protection system-wide and per-application mitigations. ## Prerequisites - Windows 10/11 or Windows Server 2016+ with administrative privileges - Group Policy management access for enterprise-wide deployment - Understanding of memory corruption attack techniques (buffer overflow, ROP chains) - Test environment for validating application compatibility with exploit mitigations ## Workflow ### Step 1: Configure System-Level Mitigations ```powershell # Enable system-wide DEP (Data Execution Prevention) # Boot configuration: OptIn (default), OptOut (recommended), AlwaysOn bcdedit /set nx AlwaysOn # Verify ASLR status (enabled by default on modern Windows) Get-ProcessMitigation -System # MandatoryASLR, BottomUpASLR, HighEntropyASLR should be ON # Enable all system-level mitigations Set-ProcessMitigation -System -Enable DEP,SEHOP,ForceRelocateImages,BottomUp,HighEntropy ``` ### Step 2: Configure Per-Application Mitigations ```powershell # Harden high-risk applications (browsers, Office, PDF readers) Set-ProcessMitigation -Name "WINWORD.EXE" -Enable DEP,SEHOP,ForceRelocateImages,CFG,StrictHandle Set-ProcessMitigation -Name "EXCEL.EXE" -Enable DEP,SEHOP,ForceRelocateImages,CFG,StrictHandle Set-ProcessMitigation -Name "AcroRd32.exe" -Enable DEP,SEHOP,ForceRelocateImages,CFG Set-ProcessMitigation -Name "chrome.exe" -Enable DEP,CFG,ForceRelocateImages Set-ProcessMitigation -Name "msedge.exe" -Enable DEP,CFG,ForceRelocateImages # Export configuration for deployment Get-ProcessMitigation -RegistryConfigFilePath "C:\exploit_protection.xml" # Deploy via Intune or GPO ``` ### Step 3: Deploy via Intune/GPO ``` Intune: Endpoint Security → Attack Surface Reduction → Exploit Protection Import exploit_protection.xml template GPO: Computer Configuration → Admin Templates → Windows Components → Windows Defender Exploit Guard → Exploit Protection → "Use a common set of exploit protection settings" → Enabled → Point to XML file on network share ``` ## Key Concepts | Term | Definition | |------|-----------| | **DEP** | Marks memory pages as non-executable to prevent shellcode execution in data regions | | **ASLR** | Randomizes memory addresses of loaded modules to defeat hardcoded ROP gadgets | | **CFG** | Validates indirect call targets at runtime to prevent control flow hijacking | | **SEHOP** | Validates SEH chain integrity to prevent SEH-based exploitation | ## Tools & Systems - **Windows Exploit Protection**: Built-in per-process mitigation management - **EMET (legacy)**: Enhanced Mitigation Experience Toolkit (predecessor, now deprecated) - **ProcessMitigations PowerShell**: Get/Set-ProcessMitigation cmdlets ## Common Pitfalls - **DEP compatibility**: Legacy 32-bit applications may crash with DEP AlwaysOn. Use OptOut with exceptions. - **Mandatory ASLR breaking apps**: Some applications are not ASLR-compatible. Test before enforcing ForceRelocateImages. - **CFG limited to compiled-in support**: CFG only works for applications compiled with /guard:cf. Cannot be retroactively applied.
Related Skills
performing-memory-forensics-with-volatility3
Analyze volatile memory dumps using Volatility 3 to extract running processes, network connections, loaded modules, and evidence of malicious activity.
performing-memory-forensics-with-volatility3-plugins
Analyze memory dumps using Volatility3 plugins to detect injected code, rootkits, credential theft, and malware artifacts in Windows, Linux, and macOS memory images.
implementing-zero-trust-with-hashicorp-boundary
Implement HashiCorp Boundary for identity-aware zero trust infrastructure access management with dynamic credential brokering, session recording, and Vault integration.
implementing-zero-trust-with-beyondcorp
Deploy Google BeyondCorp Enterprise zero trust access controls using Identity-Aware Proxy (IAP), context-aware access policies, device trust validation, and Access Context Manager to enforce identity and posture-based access to GCP resources and internal applications.
implementing-zero-trust-network-access
Implementing Zero Trust Network Access (ZTNA) in cloud environments by configuring identity-aware proxies, micro-segmentation, continuous verification with conditional access policies, and replacing traditional VPN-based access with BeyondCorp-style architectures across AWS, Azure, and GCP.
implementing-zero-trust-network-access-with-zscaler
Implement Zero Trust Network Access using Zscaler Private Access (ZPA) to replace traditional VPN with identity-based, context-aware access to private applications through the Zscaler Zero Trust Exchange.
implementing-zero-trust-in-cloud
This skill guides organizations through implementing zero trust architecture in cloud environments following NIST SP 800-207 and Google BeyondCorp principles. It covers identity-centric access controls, micro-segmentation, continuous verification, device trust assessment, and deploying Identity-Aware Proxy to eliminate implicit network trust in AWS, Azure, and GCP environments.
implementing-zero-trust-for-saas-applications
Implementing zero trust access controls for SaaS applications using CASB, SSPM, conditional access policies, OAuth app governance, and session controls to enforce identity verification, device compliance, and data protection for cloud-hosted services.
implementing-zero-trust-dns-with-nextdns
Implement NextDNS as a zero trust DNS filtering layer with encrypted resolution, threat intelligence blocking, privacy protection, and organizational policy enforcement across all endpoints.
implementing-zero-standing-privilege-with-cyberark
Deploy CyberArk Secure Cloud Access to eliminate standing privileges in hybrid and multi-cloud environments using just-in-time access with time, entitlement, and approval controls.
implementing-zero-knowledge-proof-for-authentication
Zero-Knowledge Proofs (ZKPs) allow a prover to demonstrate knowledge of a secret (such as a password or private key) without revealing the secret itself. This skill implements the Schnorr identificati
implementing-web-application-logging-with-modsecurity
Configure ModSecurity WAF with OWASP Core Rule Set (CRS) for web application logging, tune rules to reduce false positives, analyze audit logs for attack detection, and implement custom SecRules for application-specific threats. The analyst configures SecRuleEngine, SecAuditEngine, and CRS paranoia levels to balance security coverage with operational stability. Activates for requests involving WAF configuration, ModSecurity rule tuning, web application audit logging, or CRS deployment.