There are no reviews yet. Be the first to send feedback to the community and the maintainers!
CallMon
CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlersDynamicKernelShellcode
An example of how x64 kernel shellcode can dynamically find and use APIsALPC-Example
An example of a client and server using Windows' ALPC functions to send and receive data.CVE-Stockpile
Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.CVE-2018-16712
PoC Code for CVE-2018-16712 (exploit by MmMapIoSpace)WarbirdExamples
An example of how to use Microsoft Windows Warbird technologyWhoCalls_C
WhoCalls can query a directory of files, find the binaries, and search for a user specified Win API import. It and works with both 32-bit (PE) and 64-bit (PE32+) file formats (.exe, .dll, .sys)KLoad_C
A simple command line utility to quickly load and unload Windows driversWinPools
WinPools is an example of how Windows kernel big pool addresses can be leaking using NtQuerySystemInformationWHPHook
Simple DLL and client app that work together to hook all the functions in WinHvPlatform.dll in order to provide logging and introspection at the hypervisor levelCVE-2018-15499
PoC code for CVE-2018-15499 (exploit race condition for BSoD)DbgKeystone
A keystone engine powered Windows Debugger extensionWindows-Syscalls-Examples
Examples of how to use Syscalls in various Windows versions and architectures.IOCTL-Flooder
IOCTL-Flooder is a verbose tool designed to help with Windows driver fuzzing by brute forcing IOCTLs on loaded drivers. GetLastError is used to guess validityKLoad
A simple command line utility to quickly load and unload Windows driversFakeDriverPoC
This is a PoC driver which creates a fake driver and device object with the intent on allowing a user mode program to communicate with a "fake" driver and device.CVE-2018-16713
PoC code for CVE-2018-16713 (exploit by rdmsr)CVE-2018-18714
PoC Code for CVE-2018-18714 (exploit by stack overflow)CVE-2018-18026
PoC Code for CVE-2018-18026 (exploit by stack overflow)soplock
The Simple Opportunistic Lock toolCVE-2018-16711
PoC code for CVE-2018-16711 (exploit by wrmsr)Code-Rewrites
Programs and scripts I've ported to other languages, mostly for fun.Spoof-Task-Manager
An example showing how a mutex can stop taskmgr.exe from loadingwat
The Linux coreutils spin off of cat, but for Windows.The-Good-Bad-Code
Pushing the limits of bad programming practices. Abusing APIs. Destroying utility programs.SystemsWork
A repo containing examples relating to various aspects of Windows internals and processor featuresHyperCalc
An Intel HAXM powered, protected mode, 32 bit, hypervisor addition calculator, written in Rust.Check-Administrator-Status
A spin off of Command Prompt Add-ons. This includes examples of how to check privilege status.Driver-Easy-Research
Python scripts for manipulating Driver Easy's serversbswap
A Windbg extension for swapping byte endianness.Musical-Processes
Turn a process' memory into music (32-bit only)WhoCalls
A program which can query a directory of files, find the binaries, and search for a specified Win API import.downwithup.github.io
Personal websiteLove Open Source and this site? Check out how you can help us