disable ASLR protection via sysctl (#3192)

Co-authored-by: Hare Sudhan <code@0x6c.dev>
2025-10-04 21:29:06 +03:30
parent 0fe201b898
commit c87eab6a23
1 changed files with 12 additions and 0 deletions
@@ -1358,3 +1358,15 @@ atomic_tests:
      Write-Output "File deleted: $edrFreezeExe"
    name: powershell
    elevation_required: true
+- name: Disable ASLR Via sysctl parameters - Linux
+  auto_generated_guid: 
+  description: Detects Execution of the `sysctl` command to set `kernel.randomize_va_space=0` which disables Address Space Layout Randomization (ASLR) in Linux.
+  supported_platforms:
+  - linux
+  executor:
+    command: |
+      sysctl -w kernel.randomize_va_space=0
+    cleanup_command: |
+      sysctl -w kernel.randomize_va_space=2
+    name: bash
+    elevation_required: true