MoveImages

OSquery

Check ASLR configuration:

Query

select * from registry where key='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\moveImages'

Additional Query Info

  • Interval: 86400

JSON

{
  "queries": {
    "MoveImages": {
      "query": "select * from registry where key='HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\moveImages'",
      "interval": "86400",
      "platform": "",
      "version": "",
      "description": "Check ASLR configuration",
      "value": ""
    }
  }
}