Discover @DownWithUp Open Source projects

Michael B. (@DownWithUp)

DownWithUp

Stars
604
Global Rank 48,973 (Top 2 %)
Followers 172
Following 48
Registered almost 9 years ago
Most used languages

C
58.8 %

Assembly
17.6 %

Rust
8.8 %

Pascal 5.9 %

C++
2.9 %

HTML
2.9 %

Python
2.9 %
Location 🇺🇸 United States
Country Total Rank 13,669
Country Ranking

Assembly
71

Pascal 194

C
737

Rust
3,165

C++
9,186

CallMon

CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers

DynamicKernelShellcode

An example of how x64 kernel shellcode can dynamically find and use APIs

ALPC-Example

An example of a client and server using Windows' ALPC functions to send and receive data.

CVE-Stockpile

Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.

CVE-2018-16712

PoC Code for CVE-2018-16712 (exploit by MmMapIoSpace)

WarbirdExamples

An example of how to use Microsoft Windows Warbird technology

WhoCalls_C

WhoCalls can query a directory of files, find the binaries, and search for a user specified Win API import. It and works with both 32-bit (PE) and 64-bit (PE32+) file formats (.exe, .dll, .sys)

KLoad_C

A simple command line utility to quickly load and unload Windows drivers

WinPools

WinPools is an example of how Windows kernel big pool addresses can be leaking using NtQuerySystemInformation

WHPHook

Simple DLL and client app that work together to hook all the functions in WinHvPlatform.dll in order to provide logging and introspection at the hypervisor level

CVE-2018-15499

PoC code for CVE-2018-15499 (exploit race condition for BSoD)

DbgKeystone

A keystone engine powered Windows Debugger extension

Windows-Syscalls-Examples

Examples of how to use Syscalls in various Windows versions and architectures.

IOCTL-Flooder

IOCTL-Flooder is a verbose tool designed to help with Windows driver fuzzing by brute forcing IOCTLs on loaded drivers. GetLastError is used to guess validity

KLoad

A simple command line utility to quickly load and unload Windows drivers

FakeDriverPoC

This is a PoC driver which creates a fake driver and device object with the intent on allowing a user mode program to communicate with a "fake" driver and device.

CVE-2018-16713

PoC code for CVE-2018-16713 (exploit by rdmsr)

CVE-2018-18714

PoC Code for CVE-2018-18714 (exploit by stack overflow)

CVE-2018-18026

PoC Code for CVE-2018-18026 (exploit by stack overflow)

soplock

The Simple Opportunistic Lock tool

CVE-2018-16711

PoC code for CVE-2018-16711 (exploit by wrmsr)

SHA-ME

A pure WinAPI program that demonstrates translating a file into a SHA-256 hash. Designed to be used as a utility.

Code-Rewrites

Programs and scripts I've ported to other languages, mostly for fun.

Spoof-Task-Manager

An example showing how a mutex can stop taskmgr.exe from loading

wat

The Linux coreutils spin off of cat, but for Windows.

The-Good-Bad-Code

Pushing the limits of bad programming practices. Abusing APIs. Destroying utility programs.

SystemsWork

A repo containing examples relating to various aspects of Windows internals and processor features

HyperCalc

An Intel HAXM powered, protected mode, 32 bit, hypervisor addition calculator, written in Rust.

Check-Administrator-Status

A spin off of Command Prompt Add-ons. This includes examples of how to check privilege status.

Driver-Easy-Research

Python scripts for manipulating Driver Easy's servers

bswap

A Windbg extension for swapping byte endianness.

Musical-Processes

Turn a process' memory into music (32-bit only)

WhoCalls

A program which can query a directory of files, find the binaries, and search for a specified Win API import.

downwithup.github.io

Personal website