A tracker DLL that enables 'NTAPI->Syscall' tracking whenever it is loaded. It calls the 'NtSetInformationProcess' API with a callback hook and the 'ProcessInstrumentationCallback' class to track all syscalls being performed from userland.
☆14 | Oct 21, 2024 | Updated last year
Alternatives and similar repositories for PI-Tracker
Users that are interested in PI-Tracker are comparing it to the libraries listed below
- Repository to gather the .NET malware I will be developing ☆18 | Mar 23, 2025 | Updated 11 months ago
- Unused DLL hollowing PoC in Nim ☆17 | Jan 31, 2022 | Updated 4 years ago
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM". ☆87 | Apr 11, 2023 | Updated 2 years ago
- ☆108 | Aug 21, 2024 | Updated last year
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly ☆63 | Mar 19, 2024 | Updated last year
- A Simple PoC ☆22 | May 24, 2024 | Updated last year
- C# loader that copies a chunk at a time of the shellcode in memory in a suspended process, rather than all at once ☆13 | Jul 14, 2022 | Updated 3 years ago
- A Rust proof of concept to demonstrate registry overwriting via RegRestoreKey using the Offline Registry Library ☆24 | Nov 13, 2025 | Updated 3 months ago
- A pure C version of SymProcAddress ☆30 | Mar 17, 2024 | Updated last year
- ☆31 | Jul 26, 2024 | Updated last year
- ☆46 | Jun 21, 2023 | Updated 2 years ago
- Section-based payload obfuscation technique for x64 ☆64 | Aug 8, 2024 | Updated last year
- ☆123 | Oct 9, 2023 | Updated 2 years ago
- Halos Gate-based NTAPI Unhooker ☆52 | Apr 21, 2022 | Updated 3 years ago
- ☆126 | Sep 1, 2024 | Updated last year
- A collection of position independent coding resources ☆107 | Nov 15, 2025 | Updated 3 months ago
- Reproducing the SkeletonKey malware. ☆11 | Apr 6, 2024 | Updated last year
- A VSCode plugin to assist with BOF development. ☆37 | Aug 14, 2024 | Updated last year
- ☆101 | Oct 7, 2023 | Updated 2 years ago
- This repo contains code of JScript .NET which can be used as alternative to csc.exe to run potentially malicious code, which ships in all… ☆13 | Nov 8, 2019 | Updated 6 years ago
- Standalone Cobalt Strike operation logging Aggressor script for Ghostwriter 2.0+ ☆35 | Dec 1, 2025 | Updated 3 months ago
- Threadless shellcode injection tool ☆68 | Aug 5, 2024 | Updated last year
- A Rust template for writing Beacon Object Files (BOFs) ☆100 | Feb 11, 2026 | Updated 2 weeks ago
- A proof-of-concept shellcode loader that leverages AI/ML face recognition models to verify the identity of a user on a target system ☆42 | Oct 30, 2024 | Updated last year
- Linux Sleep Obfuscation ☆112 | Jan 7, 2024 | Updated 2 years ago
- Rust implementation of the Process Herpaderping ☆26 | Jul 6, 2023 | Updated 2 years ago
- Bind shell that uses Named Pipes as transport and execute PowerShell code through Runspaces. ☆16 | Sep 13, 2019 | Updated 6 years ago
- A simple BOF (Beacon Object File) to search files in the system ☆15 | Dec 2, 2023 | Updated 2 years ago
- Shellcode Loader using indirect syscalls ☆16 | Jan 21, 2024 | Updated 2 years ago
- ☆109 | Feb 17, 2025 | Updated last year
- miscellaneous codes ☆36 | Sep 24, 2023 | Updated 2 years ago
- EmbedExeLnk by x86matthew modified by d4rkiZ ☆43 | Apr 27, 2023 | Updated 2 years ago
- Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption ☆202 | Dec 17, 2025 | Updated 2 months ago
- TeamServer and Client of Exploration Command and Control Framework ☆176 | Jan 6, 2026 | Updated last month
- example using NtCreateUserProcess in Rust ☆19 | Jan 20, 2025 | Updated last year
- A collection of (even more) alternative shellcode callback methods in CSharp ☆81 | Oct 26, 2024 | Updated last year
- XDNR is a X0R Cryptor along with DEC/N0T/R0R encoder plus random byte insertion encoder, that generates null free encrypted and encoded s… ☆17 | Jul 12, 2022 | Updated 3 years ago
- Command and Control Framework using PowerShell implants ☆36 | Jun 17, 2025 | Updated 8 months ago
- ☆18 | Dec 9, 2023 | Updated 2 years ago