Tracker.exe

~/Privilege Escalation/Windows/Binaries# cat Tracker.exe.md █

Tool included with Microsoft .Net Framework.

Paths:

N/A

Detection:

Execute

Use tracker.exe to proxy execution of an arbitrary DLL into another process. Since tracker.exe is also signed it can be used to bypass application whitelisting solutions.

Tracker.exe /d .\calc.dll /c C:\Windows\write.exe

AWL bypass

Use tracker.exe to proxy execution of an arbitrary DLL into another process. Since tracker.exe is also signed it can be used to bypass application whitelisting solutions.

Tracker.exe /d .\calc.dll /c C:\Windows\write.exe