7 matches found
Frida-Wshook - Script Analysis Tool Based On Frida.re
frida-wshook is an analysis and instrumentation tool which uses frida.re to hook common functions often used by malicious script files which are run using WScript/CScript. The tool intercepts Windows API functions and doesn't implement function stubs or proxies within the targeted scripting...
CVE-2013-6791
Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 uses predictable addresses for hooked functions, which makes it easier for context-dependent attackers to defeat the ASLR protection mechanism via a return-oriented programming (ROP) attack...
Multiple antivirus and firewall memory corruption
Memory corruptions on SSDT hooked functions argument processing...
CORE FORCE firewall buffer overflow
Buffer overflow on IOCTLs and SSDT-hooked functions processing...
Kaspersky Internet Security privilege escalation
Invalid processing of SSDT hooked functions arguments...
Norton Personal Firewall / Norton Internet Security privilege escalation
Invalid processing of hooked functions parameters...
Outpost Firewall privilege escalation
Insufficient incoming data validation for DeviceSandBox device driver and SSDT hooked functions...