DownWithUp

Michael B. DownWithUp

Security researcher. Interested in low-level technologies.

179 followers · 49 following

Achievements

ALPC-Example Public

An example of a client and server using Windows' ALPC functions to send and receive data.

windows-10 lpc example-code windows-internals alpc

C 94 29 Updated Jan 21, 2025
mkit Public

Simple file hiding kernel rootkit for Linux v6

linux rootkit example file-hide

C 1 Updated Nov 3, 2024
downwithup.github.io Public

Personal website

HTML 1 Updated Apr 23, 2023
WarbirdExamples Public

An example of how to use Microsoft Windows Warbird technology

encryption reverse-engineering windows-internals

C 27 3 Updated Apr 23, 2023
HyperCalc Public

An Intel HAXM powered, protected mode, 32 bit, hypervisor addition calculator, written in Rust.

Rust 4 Updated Mar 21, 2023
SystemsWork Public

A repo containing examples relating to various aspects of Windows internals and processor features

C 3 1 Updated Nov 13, 2022
KLoad Public

A simple command line utility to quickly load and unload Windows drivers

Rust 9 2 Updated Jul 9, 2022
KLoad_C Public archive

A simple command line utility to quickly load and unload Windows drivers

C 17 1 Updated Jul 2, 2022
WhoCalls_C Public archive

WhoCalls can query a directory of files, find the binaries, and search for a user specified Win API import. It and works with both 32-bit (PE) and 64-bit (PE32+) file formats (.exe, .dll, .sys)

winapi finder import rva pe file-formats

C 17 5 Updated Jul 2, 2022
WhoCalls Public

A program which can query a directory of files, find the binaries, and search for a specified Win API import.

Rust 1 Updated Apr 7, 2022
WHPHook Public

Simple DLL and client app that work together to hook all the functions in WinHvPlatform.dll in order to provide logging and introspection at the hypervisor level

C++ 15 3 MIT License Updated Dec 1, 2021
DbgKeystone Public

A keystone engine powered Windows Debugger extension

C 11 1 Updated Oct 5, 2021
speakeasy Public
Forked from mandiant/speakeasy

Windows kernel and user mode emulation.

Python 1 MIT License Updated Jun 18, 2021
windbg2ida Public
Forked from SinaKarvandi/windbg2ida

Windbg2ida lets you dump each step in Windbg then shows these steps in IDA

JavaScript 1 GNU General Public License v3.0 Updated Sep 30, 2020
CallMon Public

CallMon is an experimental system call monitoring tool that works on Windows 10 versions 2004+ using PsAltSystemCallHandlers

windows monitoring tool monitoring-tool windowsinternals

C 130 40 Updated Sep 5, 2020
CVE-Stockpile Public

Master list of all my vulnerability discoveries. Mostly 3rd party kernel drivers.

list kernel stockpile exploits cve windows-api exploit-development

C 48 20 Updated Aug 31, 2020
bswap Public

A Windbg extension for swapping byte endianness.

windows debugger extension winapi windbg

C 2 Updated Aug 16, 2020
DynamicKernelShellcode Public

An example of how x64 kernel shellcode can dynamically find and use APIs

Assembly 104 31 Updated May 14, 2020
FakeDriverPoC Public

This is a PoC driver which creates a fake driver and device object with the intent on allowing a user mode program to communicate with a "fake" driver and device.

C 8 5 Updated Jan 24, 2020
SHA-ME Public

A pure WinAPI program that demonstrates translating a file into a SHA-256 hash. Designed to be used as a utility.

utility winapi command-line-tool sha256-hash

C 4 2 Updated Nov 4, 2019
Spoof-Task-Manager Public

An example showing how a mutex can stop taskmgr.exe from loading

winapi task-manager

Assembly 4 1 Updated Sep 18, 2019
soplock Public

The Simple Opportunistic Lock tool

C 5 Updated Aug 12, 2019
WinPools Public

WinPools is an example of how Windows kernel big pool addresses can be leaking using NtQuerySystemInformation

windows api winapi windows-kernel pools

C 13 2 Updated Jun 23, 2019
The-Good-Bad-Code Public

Pushing the limits of bad programming practices. Abusing APIs. Destroying utility programs.

Assembly 4 Updated Jan 28, 2019
wat Public

The Linux coreutils spin off of cat, but for Windows.

Assembly 4 Updated Dec 19, 2018
Driver-Easy-Research Public

Python scripts for manipulating Driver Easy's servers

Python 3 Updated Dec 13, 2018
CVE-2018-16712 Public

PoC Code for CVE-2018-16712 (exploit by MmMapIoSpace)

exploit winapi drivers cve exploit-development

C 25 5 Updated Dec 1, 2018
CVE-2018-18714 Public

PoC Code for CVE-2018-18714 (exploit by stack overflow)

exploit winapi drivers cve exploit-development

C 6 Updated Nov 9, 2018
CVE-2018-18026 Public

PoC Code for CVE-2018-18026 (exploit by stack overflow)

C 6 Updated Nov 7, 2018
CVE-2018-16713 Public

PoC code for CVE-2018-16713 (exploit by rdmsr)

exploit winapi drivers cve exploit-development

C 6 1 Updated Sep 25, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Michael B. DownWithUp

Achievements

Achievements

Block or report DownWithUp

ALPC-Example Public

mkit Public

downwithup.github.io Public

WarbirdExamples Public

HyperCalc Public

SystemsWork Public

KLoad Public

KLoad_C Public archive

WhoCalls_C Public archive

WhoCalls Public

WHPHook Public

DbgKeystone Public

speakeasy Public

windbg2ida Public

CallMon Public

CVE-Stockpile Public

bswap Public

DynamicKernelShellcode Public

FakeDriverPoC Public

SHA-ME Public

Spoof-Task-Manager Public

soplock Public

WinPools Public

The-Good-Bad-Code Public

wat Public

Driver-Easy-Research Public

CVE-2018-16712 Public

CVE-2018-18714 Public

CVE-2018-18026 Public

CVE-2018-16713 Public