Michael B.'s repositories
DynamicKernelShellcode
An example of how x64 kernel shellcode can dynamically find and use APIs
ALPC-Example
An example of a client and server using Windows' ALPC functions to send and receive data.
CVE-Stockpile
Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.
CVE-2018-16712
PoC Code for CVE-2018-16712 (exploit by MmMapIoSpace)
WarbirdExamples
An example of how to use Microsoft Windows Warbird technology
WhoCalls_C
WhoCalls can query a directory of files, find the binaries, and search for a user-specified Win API import. It works with both 32-bit (PE) and 64-bit (PE32+) file formats (.exe, .dll, .sys).
DbgKeystone
A keystone engine powered Windows Debugger extension
FakeDriverPoC
This is a PoC driver which creates a fake driver and device object with the intent of allowing a user mode program to communicate with a "fake" driver and device.
CVE-2018-16713
PoC code for CVE-2018-16713 (exploit by rdmsr)
CVE-2018-18026
PoC Code for CVE-2018-18026 (exploit by stack overflow)
CVE-2018-18714
PoC Code for CVE-2018-18714 (exploit by stack overflow)
CVE-2018-16711
PoC code for CVE-2018-16711 (exploit by wrmsr)
Spoof-Task-Manager
An example showing how a mutex can stop taskmgr.exe from loading
The-Good-Bad-Code
Pushing the limits of bad programming practices. Abusing APIs. Destroying utility programs.
Driver-Easy-Research
Python scripts for manipulating Driver Easy's servers
SystemsWork
A repo containing examples relating to various aspects of Windows internals and processor features
downwithup.github.io
Personal website
windbg2ida
Windbg2ida lets you dump each step in Windbg then shows these steps in IDA