A tracker DLL which enables 'NTAPI->Syscall' tracking whenever it is loaded. It calls 'NtSetInformationProcess' API call with a callback hook and 'ProcessInstrumentationCallback' class to track all syscalls being performed via the userland.
☆14Oct 21, 2024Updated last year
Alternatives and similar repositories for PI-Tracker
Users that are interested in PI-Tracker are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Section-based payload obfuscation technique for x64☆64Aug 8, 2024Updated last year
- A Simple PoC☆22May 24, 2024Updated last year
- ☆108Aug 21, 2024Updated last year
- A rust proof of concept to demonstrate registry overwriting via RegRestoreKey using the Offline Registry Library☆24Nov 13, 2025Updated 4 months ago
- DLL proxy load example using the Windows thread pool API, I/O completion callback with named pipes, and C++/assembly☆65Mar 19, 2024Updated 2 years ago
- A collection of position independent coding resources☆109Nov 15, 2025Updated 4 months ago
- Repository to gather the .NET malware I will be developing☆18Mar 7, 2026Updated 2 weeks ago
- This repo goes with the blog entry at blog.malicious.group entitled "Writing your own RDI / sRDI loader using C and ASM".☆87Apr 11, 2023Updated 2 years ago
- A pure C version of SymProcAddress☆30Mar 17, 2024Updated 2 years ago
- ☆31Jul 26, 2024Updated last year
- ☆126Sep 1, 2024Updated last year
- A VSCode plugin to assist with BOF development.☆37Aug 14, 2024Updated last year
- Unused DLL hollowing PoC in Nim☆17Jan 31, 2022Updated 4 years ago
- About C# loader that copies a chunk at the time of the shellcode in memory in a suspended process, rather that all at once☆13Jul 14, 2022Updated 3 years ago
- ☆123Oct 9, 2023Updated 2 years ago
- ☆101Oct 7, 2023Updated 2 years ago
- Linux Sleep Obfuscation☆112Jan 7, 2024Updated 2 years ago
- ☆46Jun 21, 2023Updated 2 years ago
- Halos Gate-based NTAPI Unhooker☆52Apr 21, 2022Updated 3 years ago
- A proof-of-concept shellcode loader that leverages AI/ML face recognition models to verify the identity of a user on a target system☆43Oct 30, 2024Updated last year
- A simple BOF (Beacon Object File) to search files in the system☆15Dec 2, 2023Updated 2 years ago
- Crystal Palace library for proxying Nt API calls via the Threadpool. Updated for call gadgets.☆19Nov 11, 2025Updated 4 months ago
- Standalone Cobalt Strike operation logging Aggressor script for Ghostwriter 2.0+☆36Dec 1, 2025Updated 3 months ago
- Threadless shellcode injection tool☆68Aug 5, 2024Updated last year
- Command and Control Framework using powershell implants☆36Jun 17, 2025Updated 9 months ago
- EmbedExeLnk by x86matthew modified by d4rkiZ☆45Apr 27, 2023Updated 2 years ago
- ☆110Feb 17, 2025Updated last year
- Moonwalk++: Simple POC Combining StackMoonwalking and Memory Encryption☆210Dec 17, 2025Updated 3 months ago
- Reproducing the SkeletonKey malware.☆11Apr 6, 2024Updated last year
- Rust implementation of the Process Herpaderping☆26Jul 6, 2023Updated 2 years ago
- Activation Context Hijack☆172Aug 3, 2025Updated 7 months ago
- Linux dynamic loader implimentation for self containment☆12Jul 7, 2019Updated 6 years ago
- Selective In-Memory Syscall Unhooking, a stealthy method to bypass user-mode hooks in ntdll.dll☆37Mar 11, 2026Updated last week
- Dynamically convert an unmanaged EXE or DLL file to PIC shellcode by prepending a shellcode stub.☆327Apr 12, 2024Updated last year
- Toolkit of Projects to attack and evade Event Trace for Windows☆26Aug 28, 2025Updated 6 months ago
- Remote BOF Runner is a Havoc extension framework for remote execution of Beacon Object Files (BOFs) using a PIC loader made with Crystal …☆91Jan 2, 2026Updated 2 months ago
- A Rust template for writing Beacon Object Files (BOFs)☆113Feb 11, 2026Updated last month
- ☆46Dec 5, 2023Updated 2 years ago
- Lockless BOF☆79May 2, 2025Updated 10 months ago