Michael B. (DownWithUp)

Location: Internet

Home Page: downwithup.github.io

Twitter: @DownWithUpSec

Michael B.'s repositories

CallMon

CallMon is an experimental system call monitoring tool that works on Windows 10 version 2004 and later using alternative system call handlers (the PsRegisterAltSystemCallHandler mechanism)

DynamicKernelShellcode

An example of how x64 kernel shellcode can dynamically find and use APIs

Language: Assembly | Stargazers: 102 | Issues: 5 | Issues: 0

ALPC-Example

An example of a client and server using Windows' ALPC functions to send and receive data.

CVE-Stockpile

Master list of all my vulnerability discoveries, mostly in third-party kernel drivers.

Language: C | Stargazers: 45 | Issues: 4 | Issues: 0

CVE-2018-16712

PoC code for CVE-2018-16712 (exploit via MmMapIoSpace)

Language: C | Stargazers: 25 | Issues: 2 | Issues: 0

WarbirdExamples

An example of how to use Microsoft Windows Warbird technology

Language: C | Stargazers: 23 | Issues: 1 | Issues: 0

WhoCalls_C

WhoCalls can query a directory of files, find the binaries, and search them for a user-specified Win API import. It works with both 32-bit (PE) and 64-bit (PE32+) file formats (.exe, .dll, .sys).

Language: C | Stargazers: 17 | Issues: 3 | Issues: 0

KLoad_C

A simple command line utility to quickly load and unload Windows drivers

Language: C | Stargazers: 13 | Issues: 2 | Issues: 0

WHPHook

A simple DLL and client app that together hook every function in WinHvPlatform.dll (the Windows Hypervisor Platform API) to provide logging and introspection of hypervisor calls

Language: C++ | License: MIT | Stargazers: 13 | Issues: 3 | Issues: 0

WinPools

WinPools is an example of how Windows kernel big pool addresses can be leaked from user mode using NtQuerySystemInformation (the SystemBigPoolInformation class)

Language: C | Stargazers: 11 | Issues: 2 | Issues: 0

DbgKeystone

A keystone engine powered Windows Debugger extension

Language: C | Stargazers: 10 | Issues: 2 | Issues: 0

KLoad

A simple command line utility to quickly load and unload Windows drivers

Language: Rust | Stargazers: 9 | Issues: 2 | Issues: 0

FakeDriverPoC

This is a PoC driver that creates a fake driver and device object so that a user-mode program can communicate with the "fake" driver and device.

Language: C | Stargazers: 7 | Issues: 2 | Issues: 0

CVE-2018-16713

PoC code for CVE-2018-16713 (exploit via rdmsr)

Language: C | Stargazers: 6 | Issues: 2 | Issues: 0

CVE-2018-18026

PoC code for CVE-2018-18026 (exploit via stack overflow)

Language: C | Stargazers: 6 | Issues: 2 | Issues: 0

CVE-2018-18714

PoC code for CVE-2018-18714 (exploit via stack overflow)

Language: C | Stargazers: 6 | Issues: 2 | Issues: 0

CVE-2018-16711

PoC code for CVE-2018-16711 (exploit via wrmsr)

soplock

The Simple Opportunistic Lock tool

Language: C | Stargazers: 5 | Issues: 2 | Issues: 0

SHA-ME

A pure WinAPI program that demonstrates computing the SHA-256 hash of a file. Designed to be used as a utility.

Language: C | Stargazers: 4 | Issues: 2 | Issues: 0

Spoof-Task-Manager

An example showing how holding a mutex can prevent taskmgr.exe from starting

Language: Assembly | Stargazers: 4 | Issues: 3 | Issues: 0

The-Good-Bad-Code

Pushing the limits of bad programming practices. Abusing APIs. Destroying utility programs.

Language: Assembly | Stargazers: 4 | Issues: 2 | Issues: 0

wat

A spin-off of the Linux coreutils cat, but for Windows.

Language: Assembly | Stargazers: 4 | Issues: 2 | Issues: 0

Driver-Easy-Research

Python scripts for manipulating Driver Easy's servers

Language: Python | Stargazers: 3 | Issues: 2 | Issues: 0

HyperCalc

An Intel HAXM-powered, 32-bit protected-mode, hypervisor-based addition calculator, written in Rust.

Language: Rust | Stargazers: 3 | Issues: 2 | Issues: 0

bswap

A WinDbg extension for swapping byte endianness.

Language: C | Stargazers: 2 | Issues: 2 | Issues: 0

SystemsWork

A repo containing examples relating to various aspects of Windows internals and processor features

Language: C | Stargazers: 2 | Issues: 2 | Issues: 0

downwithup.github.io

Personal website

Language: HTML | Stargazers: 1 | Issues: 1 | Issues: 0

speakeasy

Windows kernel and user mode emulation.

Language: Python | License: MIT | Stargazers: 1 | Issues: 0 | Issues: 0

WhoCalls

A program which can query a directory of files, find the binaries, and search for a specified Win API import.

Language: Rust | Stargazers: 1 | Issues: 2 | Issues: 0
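WhoCalls_C (above) and WhoCalls do the same job: walk a directory, pick out the PE binaries, and report which of them import a given Win API. The Python below is an added example written for this page, not code from either WhoCalls repository. It shows the core of that check: parsing the import directory of a PE32 or PE32+ image, where the only real differences between the two formats are the position of the data directory inside the optional header and the 4- versus 8-byte import thunk width. The two sample images it scans are constructed in memory (hypothetical, not real binaries), and `build_sample_pe`, `parse_imports`, `who_calls` and `scan_files` are names chosen here.

```python
"""Added example (not the WhoCalls code): find which PE images import a named Win32 API,
for both PE32 (32-bit) and PE32+ (64-bit). The sample images are constructed in memory."""
import struct

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
IMPORT_DIR = 1                               # IMAGE_DIRECTORY_ENTRY_IMPORT
SEC_RVA, SEC_RAW = 0x1000, 0x200             # the samples' single .idata section

def build_sample_pe(is_64, imports):
    """Constructed minimal PE: headers plus one section that holds only an import table.
    imports = {dll: [function name (str) or ordinal (int), ...]}"""
    sec = bytearray(20 * (len(imports) + 1))  # IMAGE_IMPORT_DESCRIPTORs + null terminator
    def alloc(blob):
        rva = SEC_RVA + len(sec)
        sec.extend(blob)
        return rva
    fmt = "<Q" if is_64 else "<I"            # thunk width: 8 bytes in PE32+, 4 in PE32
    size = struct.calcsize(fmt)
    for i, (dll, funcs) in enumerate(imports.items()):
        name_rva = alloc(dll.encode() + b"\0")
        ents = [f | 1 << (8 * size - 1) if isinstance(f, int)            # by ordinal
                else alloc(b"\0\0" + f.encode() + b"\0") for f in funcs]  # Hint + Name
        thunks = b"".join(struct.pack(fmt, e) for e in ents) + bytes(size)
        struct.pack_into("<IIIII", sec, 20 * i, alloc(thunks), 0, 0, name_rva, alloc(thunks))
    raw = bytes(sec).ljust(-(-len(sec) // SEC_RAW) * SEC_RAW, b"\0")
    opt = bytearray(240 if is_64 else 224)
    dd = 112 if is_64 else 96                 # DataDirectory offset in the optional header
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if is_64 else PE32_MAGIC)
    struct.pack_into("<I", opt, dd - 4, 16)   # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, dd + 8 * IMPORT_DIR, SEC_RVA, 20 * (len(imports) + 1))
    file_hdr = struct.pack("<HHIIIHH", 0x8664 if is_64 else 0x14C, 1, 0, 0, 0, len(opt), 2)
    sect = b".idata\0\0" + struct.pack("<IIII", len(raw), SEC_RVA, len(raw), SEC_RAW) + bytes(16)
    dos = b"MZ".ljust(60, b"\0") + struct.pack("<I", 64)   # e_lfanew = 64
    return (dos + b"PE\0\0" + file_hdr + opt + sect).ljust(SEC_RAW, b"\0") + raw

def _off(sections, rva):
    """Map an RVA to a file offset through the section table."""
    for vsize, va, rsize, rptr in sections:
        if va <= rva < va + max(vsize, rsize):
            return rva - va + rptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")

def _cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii", "replace")

def parse_imports(data):
    """Return (bitness, [(dll, name_or_ordinal), ...]) for a raw PE file image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    pe, = struct.unpack_from("<I", data, 60)   # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsec, opt_size = struct.unpack_from("<H", data, pe + 6)[0], struct.unpack_from("<H", data, pe + 20)[0]
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError(f"unknown optional header magic {magic:#x}")
    is_64 = magic == PE32PLUS_MAGIC
    dd, fmt = (112, "<Q") if is_64 else (96, "<I")
    size = struct.calcsize(fmt)
    sections = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8) for i in range(nsec)]
    ndirs, = struct.unpack_from("<I", data, opt + dd - 4)
    imp_rva = struct.unpack_from("<I", data, opt + dd + 8 * IMPORT_DIR)[0] if ndirs > IMPORT_DIR else 0
    imports = []
    desc = _off(sections, imp_rva) if imp_rva else None   # None: the image imports nothing
    while desc is not None:
        oft, _, _, name_rva, ft = struct.unpack_from("<IIIII", data, desc)
        if not name_rva and not ft:
            break                              # all-zero descriptor ends the table
        dll = _cstr(data, _off(sections, name_rva))
        thunk = _off(sections, oft or ft)      # OriginalFirstThunk may be 0 in old images
        while (entry := struct.unpack_from(fmt, data, thunk)[0]) != 0:
            if entry >> (8 * size - 1):        # IMAGE_ORDINAL_FLAG set: import by ordinal
                imports.append((dll, entry & 0xFFFF))
            else:                              # IMAGE_IMPORT_BY_NAME: 2-byte Hint, then Name
                imports.append((dll, _cstr(data, _off(sections, entry) + 2)))
            thunk += size
        desc += 20
    return 64 if is_64 else 32, imports

def who_calls(data, api):
    """True if the image imports `api` (exact match, as the loader resolves it)."""
    return any(func == api for _, func in parse_imports(data)[1])

def scan_files(items, api):
    """items: iterable of (name, bytes), e.g. read from os.walk over *.exe/*.dll/*.sys.
    Returns the names of genuine PE images that import `api`; non-PE files are skipped."""
    hits = []
    for name, blob in items:
        try:
            if who_calls(blob, api):
                hits.append(name)
        except (ValueError, struct.error):
            pass                               # has the extension but is not a PE
    return sorted(hits)

# Constructed sample images (not real binaries); the PE32+ one also imports by ordinal.
SAMPLE_32 = build_sample_pe(False, {"kernel32.dll": ["CreateFileW", "VirtualAlloc"],
                                    "ntdll.dll": ["NtQuerySystemInformation"]})
SAMPLE_64 = build_sample_pe(True, {"ntdll.dll": ["NtQuerySystemInformation", 12],
                                   "advapi32.dll": ["OpenSCManagerW"]})
```

To scan a real directory, feed `scan_files` with `(path, bytes)` pairs collected by `os.walk`, filtered to the `.exe`, `.dll` and `.sys` extensions; a file that carries the extension but is not a PE image is skipped rather than aborting the scan. The check matches import names only: an API resolved at run time through `GetProcAddress`, or reached through a forwarded export, never appears in the import table, which is the usual blind spot of import-based "who calls" tools.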

windbg2ida

Windbg2ida lets you dump each step in WinDbg and then shows those steps in IDA

Language: JavaScript | License: GPL-3.0 | Stargazers: 1 | Issues: 1 | Issues: 0