Research, develop, consult and educate




Binary Assurance for Windows


Straight from your (excellent) presentation: please send me your cool tool." - Audience, Source Boston

Thanks so much for the tool as well as the valuable info in the presentation, I'll happily be sharing both with my dev team." - Audience, Source Boston

Really enjoyed your talk about binary analysis. I'm going to look at incorporating things you talked about into our 3rd party component review process." - Audience, Source Boston

Love the tool! (Binary Assurance for Windows)" - US DoD


Even though you've licensed the software from the vendor, you don't have access to the source code or symbols. Recx 'Binary Assurance for Windows' gives visibility inside the product, allowing the determination of security controls and countermeasures as well as insecure coding practices.

Features

ExeAudit GUI

Auditing of single binaries or entire installation trees, using either GUI or command line interfaces.

ExeAudit Help

Detailed help describing each of the features and the related risks.

ExeAudit Checks

Comprehensive auditing including all developer security controls.

In 2012, we presented our research 'Finding The Weak Link In Windows Binaries' and demonstrated our binary auditing software at both Source Boston and Crestcon.

The slides from our presentation are available on SlideShare so you can follow the presentation more easily.



Developers & Software Quality Assurance teams

Audit your software and the libraries you depend on, be sure all available security controls and countermeasures are in place and that you're not relying on any unsafe procedures.

  • Ensure your software has all the security controls enabled.
  • Verify build environments are correctly configured.
  • Identify potential weak-points in externally compiled dependencies.
  • Guarantee compliance with Microsoft best practice recommendations.
  • Identify subtle weaknesses that Microsoft doesn't document based on Recx's research.

Auditors and security professionals

Inspect the software you rely on; get assurance that the available security features are enabled and qualify which products carry increased business risk.

  • Drill down into software to determine potential risk.
  • Identify areas where additional protection is required.
  • Understand where Microsoft EMET can be used to augment application defences.
  • Establish a level of confidence in your installed software base.
  • Have the knowledge to drive future security requirements back to your software vendors.

Researchers and vulnerability hunters

Profile target software to identify which binaries and libraries will give you the best return on your research effort.

  • Identify the binaries likely positive investment return in terms of exploitability.
  • Quickly profile binaries to determine the enforced controls.
  • Identify programs which make use of insecure coding practices.
  • Determine external library dependencies within software.
  • Automate using CLI and CSV output across many builds of the same software.

Licensing

Team licensing is available on the same per seat basis, with discounts based on volume. Alternatively, if you're looking for an enterprise or site-wide licence please get in touch for a quote.

At Recx we're confident in our software and research. If you try it, and you're not happy, we'll refund your purchase - no quibbles.