DownWithUp

followers

following

stars

Internet

downwithup.github.io

Michael B.'s repositories

CallMon

CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers

Language:C121 11 1

DynamicKernelShellcode

An example of how x64 kernel shellcode can dynamically find and use APIs

Language:Assembly102 50

ALPC-Example

An example of a client and server using Windows' ALPC functions to send and receive data.

Language:C84 4 1

CVE-Stockpile

Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.

Language:C45 40

CVE-2018-16712

PoC Code for CVE-2018-16712 (exploit by MmMapIoSpace)

Language:C25 20

WarbirdExamples

An example of how to use Microsoft Windows Warbird technology

Language:C23 10

WhoCalls_C

WhoCalls can query a directory of files, find the binaries, and search for a user specified Win API import. It and works with both 32-bit (PE) and 64-bit (PE32+) file formats (.exe, .dll, .sys)

Language:C17 30

KLoad_C

A simple command line utility to quickly load and unload Windows drivers

Language:C13 20

WHPHook

Simple DLL and client app that work together to hook all the functions in WinHvPlatform.dll in order to provide logging and introspection at the hypervisor level

Language:C++MIT13 30

WinPools

WinPools is an example of how Windows kernel big pool addresses can be leaking using NtQuerySystemInformation

Language:C11 20

DbgKeystone

A keystone engine powered Windows Debugger extension

Language:C10 20

KLoad

A simple command line utility to quickly load and unload Windows drivers

Language:Rust9 20

FakeDriverPoC

This is a PoC driver which creates a fake driver and device object with the intent on allowing a user mode program to communicate with a "fake" driver and device.

Language:C7 20

CVE-2018-16713

PoC code for CVE-2018-16713 (exploit by rdmsr)

Language:C6 20

CVE-2018-18026

PoC Code for CVE-2018-18026 (exploit by stack overflow)

Language:C6 20

CVE-2018-18714

PoC Code for CVE-2018-18714 (exploit by stack overflow)

Language:C6 20

CVE-2018-16711

PoC code for CVE-2018-16711 (exploit by wrmsr)

Language:C5 2 1

soplock

The Simple Opportunistic Lock tool

Language:C5 20

SHA-ME

A pure WinAPI program that demonstrates translating a file into a SHA-256 hash. Designed to be used as a utility.

Language:C4 20

Spoof-Task-Manager

An example showing how a mutex can stop taskmgr.exe from loading

Language:Assembly4 30

The-Good-Bad-Code

Pushing the limits of bad programming practices. Abusing APIs. Destroying utility programs.

Language:Assembly4 20

wat

The Linux coreutils spin off of cat, but for Windows.

Language:Assembly4 20

Driver-Easy-Research

Python scripts for manipulating Driver Easy's servers

Language:Python3 20

HyperCalc

An Intel HAXM powered, protected mode, 32 bit, hypervisor addition calculator, written in Rust.

Language:Rust3 20

bswap

A Windbg extension for swapping byte endianness.

Language:C2 20

SystemsWork

A repo containing examples relating to various aspects of Windows internals and processor features

Language:C2 20

downwithup.github.io

Personal website

Language:HTML1 10

speakeasy

Windows kernel and user mode emulation.

Language:PythonMIT100

WhoCalls

A program which can query a directory of files, find the binaries, and search for a specified Win API import.

Language:Rust1 20

windbg2ida

Windbg2ida lets you dump each step in Windbg then shows these steps in IDA

Language:JavaScriptGPL-3.01 10