DownWithUp

Security researcher. Interested in low-level technologies.

Internet

Pinned Repositories

ALPC-Example
An example of a client and server using Windows' ALPC functions to send and receive data.
Language:C84 4 128
CallMon
CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers
Language:C124 11 140
CVE-2018-16712
PoC Code for CVE-2018-16712 (exploit by MmMapIoSpace)
Language:C25 2 05
CVE-Stockpile
Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.
Language:C45 4 019
DynamicKernelShellcode
An example of how x64 kernel shellcode can dynamically find and use APIs
Language:Assembly102 5 031
HyperCalc
An Intel HAXM powered, protected mode, 32 bit, hypervisor addition calculator, written in Rust.
Language:Rust3 2 00
WarbirdExamples
An example of how to use Microsoft Windows Warbird technology
Language:C24 1 03
WhoCalls_C
WhoCalls can query a directory of files, find the binaries, and search for a user specified Win API import. It and works with both 32-bit (PE) and 64-bit (PE32+) file formats (.exe, .dll, .sys)
Language:C17 3 05
WHPHook
Simple DLL and client app that work together to hook all the functions in WinHvPlatform.dll in order to provide logging and introspection at the hypervisor level
Language:C++13 3 03
WinPools
WinPools is an example of how Windows kernel big pool addresses can be leaking using NtQuerySystemInformation
Language:C14 2 02

DownWithUp's Repositories

DownWithUp/CallMon
CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers
Language:C124 11 140
DownWithUp/DynamicKernelShellcode
An example of how x64 kernel shellcode can dynamically find and use APIs
Language:Assembly102 5 031
DownWithUp/ALPC-Example
An example of a client and server using Windows' ALPC functions to send and receive data.
Language:C84 4 128
DownWithUp/CVE-Stockpile
Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.
Language:C45 4 019
DownWithUp/CVE-2018-16712
PoC Code for CVE-2018-16712 (exploit by MmMapIoSpace)
Language:C25 2 05
DownWithUp/WarbirdExamples
An example of how to use Microsoft Windows Warbird technology
Language:C24 1 03
DownWithUp/WhoCalls_C
WhoCalls can query a directory of files, find the binaries, and search for a user specified Win API import. It and works with both 32-bit (PE) and 64-bit (PE32+) file formats (.exe, .dll, .sys)
Language:C17 3 05
DownWithUp/WinPools
WinPools is an example of how Windows kernel big pool addresses can be leaking using NtQuerySystemInformation
Language:C14 2 02
DownWithUp/KLoad_C
A simple command line utility to quickly load and unload Windows drivers
Language:C13 2 01
DownWithUp/WHPHook
Simple DLL and client app that work together to hook all the functions in WinHvPlatform.dll in order to provide logging and introspection at the hypervisor level
Language:C++13 3 03
DownWithUp/DbgKeystone
A keystone engine powered Windows Debugger extension
Language:C10 2 01
DownWithUp/KLoad
A simple command line utility to quickly load and unload Windows drivers
Language:Rust9 2 02
DownWithUp/FakeDriverPoC
This is a PoC driver which creates a fake driver and device object with the intent on allowing a user mode program to communicate with a "fake" driver and device.
Language:C7 2 05
DownWithUp/CVE-2018-16713
PoC code for CVE-2018-16713 (exploit by rdmsr)
Language:C6 2 01
DownWithUp/CVE-2018-18026
PoC Code for CVE-2018-18026 (exploit by stack overflow)
Language:C6 2 0
DownWithUp/CVE-2018-18714
PoC Code for CVE-2018-18714 (exploit by stack overflow)
Language:C6 2 01
DownWithUp/CVE-2018-16711
PoC code for CVE-2018-16711 (exploit by wrmsr)
Language:C5 2 11
DownWithUp/soplock
The Simple Opportunistic Lock tool
Language:C5 2 01
DownWithUp/SHA-ME
A pure WinAPI program that demonstrates translating a file into a SHA-256 hash. Designed to be used as a utility.
Language:C4 2 02
DownWithUp/Spoof-Task-Manager
An example showing how a mutex can stop taskmgr.exe from loading
Language:Assembly4 3 01
DownWithUp/The-Good-Bad-Code
Pushing the limits of bad programming practices. Abusing APIs. Destroying utility programs.
Language:Assembly4 2 0
DownWithUp/wat
The Linux coreutils spin off of cat, but for Windows.
Language:Assembly4 2 0
DownWithUp/Driver-Easy-Research
Python scripts for manipulating Driver Easy's servers
Language:Python3 2 0
DownWithUp/HyperCalc
An Intel HAXM powered, protected mode, 32 bit, hypervisor addition calculator, written in Rust.
Language:Rust3 2 00
DownWithUp/bswap
A Windbg extension for swapping byte endianness.
Language:C2 2 01
DownWithUp/SystemsWork
A repo containing examples relating to various aspects of Windows internals and processor features
Language:C2 2 01
DownWithUp/downwithup.github.io
Personal website
Language:HTML1 1 0
DownWithUp/speakeasy
Windows kernel and user mode emulation.
Language:Python1 1 0
DownWithUp/WhoCalls
A program which can query a directory of files, find the binaries, and search for a specified Win API import.
Language:Rust1 2 0
DownWithUp/windbg2ida
Windbg2ida lets you dump each step in Windbg then shows these steps in IDA
Language:JavaScript1 1 0