Michael B. (@DownWithUp)
  • Stars 604
  • Global Rank 48,973 (Top 2 %)
  • Followers 172
  • Following 48
  • Registered almost 9 years ago
  • Most used languages: C 58.8 %, Assembly 17.6 %, Rust 8.8 %, Pascal 5.9 %, Python 2.9 %, C++ 2.9 %, HTML 2.9 %
  • Location 🇺🇸 United States
  • Country Total Rank 13,669
  • Country Ranking: Pascal 194, C 737, Rust 3,165, C++ 9,186

Top repositories

1

CallMon

CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers
C
128
star
2

DynamicKernelShellcode

An example of how x64 kernel shellcode can dynamically find and use APIs
Assembly
103
star
3

ALPC-Example

An example of a client and server using Windows' ALPC functions to send and receive data.
C
88
star
4

CVE-Stockpile

Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.
C
47
star
5

CVE-2018-16712

PoC Code for CVE-2018-16712 (exploit by MmMapIoSpace)
C
25
star
6

WarbirdExamples

An example of how to use Microsoft Windows Warbird technology
C
24
star
7

WhoCalls_C

WhoCalls can query a directory of files, find the binaries, and search for a user-specified Win API import. It works with both 32-bit (PE) and 64-bit (PE32+) file formats (.exe, .dll, .sys)
C
17
star
8

KLoad_C

A simple command line utility to quickly load and unload Windows drivers
C
16
star
9

WinPools

WinPools is an example of how Windows kernel big pool addresses can be leaked using NtQuerySystemInformation
C
14
star
10

WHPHook

Simple DLL and client app that work together to hook all the functions in WinHvPlatform.dll in order to provide logging and introspection at the hypervisor level
C++
13
star
11

CVE-2018-15499

PoC code for CVE-2018-15499 (exploit race condition for BSoD)
C
11
star
12

DbgKeystone

A keystone engine powered Windows Debugger extension
C
10
star
13

Windows-Syscalls-Examples

Examples of how to use Syscalls in various Windows versions and architectures.
Assembly
10
star
14

IOCTL-Flooder

IOCTL-Flooder is a verbose tool designed to help with Windows driver fuzzing by brute forcing IOCTLs on loaded drivers. GetLastError is used to guess validity
C
10
star
15

KLoad

A simple command line utility to quickly load and unload Windows drivers
Rust
9
star
16

FakeDriverPoC

This is a PoC driver which creates a fake driver and device object with the intent of allowing a user mode program to communicate with a "fake" driver and device.
C
7
star
17

CVE-2018-16713

PoC code for CVE-2018-16713 (exploit by rdmsr)
C
6
star
18

CVE-2018-18714

PoC Code for CVE-2018-18714 (exploit by stack overflow)
C
6
star
19

CVE-2018-18026

PoC Code for CVE-2018-18026 (exploit by stack overflow)
C
6
star
20

soplock

The Simple Opportunistic Lock tool
C
5
star
21

CVE-2018-16711

PoC code for CVE-2018-16711 (exploit by wrmsr)
C
5
star
22

SHA-ME

A pure WinAPI program that demonstrates translating a file into a SHA-256 hash. Designed to be used as a utility.
C
4
star
23

Code-Rewrites

Programs and scripts I've ported to other languages, mostly for fun.
Pascal
4
star
24

Spoof-Task-Manager

An example showing how a mutex can stop taskmgr.exe from loading
Assembly
4
star
25

wat

The Linux coreutils spin off of cat, but for Windows.
Assembly
4
star
26

The-Good-Bad-Code

Pushing the limits of bad programming practices. Abusing APIs. Destroying utility programs.
Assembly
4
star
27

SystemsWork

A repo containing examples relating to various aspects of Windows internals and processor features
C
3
star
28

HyperCalc

An Intel HAXM powered, protected mode, 32 bit, hypervisor addition calculator, written in Rust.
Rust
3
star
29

Check-Administrator-Status

A spin off of Command Prompt Add-ons. This includes examples of how to check privilege status.
Assembly
3
star
30

Driver-Easy-Research

Python scripts for manipulating Driver Easy's servers
Python
3
star
31

bswap

A Windbg extension for swapping byte endianness.
C
2
star
32

Musical-Processes

Turn a process' memory into music (32-bit only)
Pascal
2
star
33

WhoCalls

A program which can query a directory of files, find the binaries, and search for a specified Win API import.
Rust
1
star
34

downwithup.github.io

Personal website
HTML
1
star