12 matches found
MemITM - Tool To Make In Memory Man In The Middle
The MemITM (Mem In The Middle) tool has been developed in order to easily intercept "messages" in Windows process memory. We developed a lot of custom memory interception tools in order to capture network messages before encryption, or IPC messages, and to be able to inspect them or alter them ...
Makin - Reveal Anti-Debugging Tricks
makin makes initial malware assessment a little bit easier. It helps to reveal the debugger detection techniques used by a sample. Supports x64 and x86. How does it work? makin opens a sample as a debuggee and injects asho.dll; asho.dll hooks several functions in the ntdll.dll library and after...
DESlock+ 3.2.7 - 'vdlptokn.sys' Local Denial of Service
Data Encryption Systems Ltd. - http://www.deslock.com/ | Data Encryption Systems DESlock+ - 3.2.7 ...
DESlock+ 3.2.7 - vdlptokn.sys Local Denial of Service
DESlock+ 3.2.7 - vdlptokn.sys Local Denial of Service. Data Encryption Systems Ltd. - http://www.deslock.com/ ...
DESlock+ 3.2.7 (vdlptokn.sys) Local Denial of Service Exploit
No description provided by source. Data Encryption Systems Ltd. - http://www.deslock.com/ | Data...
CVE-2008-1736
Comodo Firewall Pro before 3.0 does not properly validate certain parameters to hooked System Service Descriptor Table (SSDT) functions, which allows local users to cause a denial of service (system crash) via (1) a crafted OBJECT_ATTRIBUTES structure in a call to the NtDeleteFile function, which leads ...
Input validation
Comodo Firewall Pro before 3.0 does not properly validate certain parameters to hooked System Service Descriptor Table (SSDT) functions, which allows local users to cause a denial of service (system crash) via (1) a crafted OBJECT_ATTRIBUTES structure in a call to the NtDeleteFile function, which leads ...
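Comodo Firewall SSDT Hooks Multiple Local Denial of Service Vulnerabilities
BUGTRAQ ID: 28742 CVE(CAN) ID: CVE-2008-1736 Comodo is a powerful personal firewall. The NtDeleteFile, NtCreateFile and NtSetThreadContext functions of Comodo Firewall do not properly validate their parameters, and a local attacker may exploit this vulnerability to make the firewall unavailable. NtDeleteFile takes only one parameter, a pointer to an OBJECT_ATTRIBUTES structure, and these attributes include ObjectName and SECURITY_DESCRIPTOR. For example, the following is the hook that Comodo sets on NtDeleteFile: /----------- NTDeleteFile...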
CVE-2007-4967
Online Armor Personal Firewall 2.0.1.215 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API...
CVE-2007-4970
ProcessGuard 3.410 is vulnerable due to improper validation of parameters passed to System Service Descriptor Table (SSDT) function handlers. The issue enables local users to trigger a denial of service (crash) and potentially gain privileges by abusing kernel SSDT hooks targeting Windows Native ...
CVE-2007-4967
CVE-2007-4967 affects Online Armor Personal Firewall 2.0.1.215. The issue stems from improper validation of parameters to System Service Descriptor Table (SSDT) function handlers, enabling a local attacker to trigger a denial of service (crash) and potentially gain privileges via unspecified kern...
CVE-2006-5153
The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through to SSDT functions, including NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInformationFile, which allows local users to caus...