.. / Tracker.exe
Star

Execute
AWL bypass

Tool included with Microsoft .Net Framework.

Paths:

Resources:
https://twitter.com/subTee/status/793151392185589760
https://attack.mitre.org/wiki/Execution

Acknowledgement:

Detection:

Execute

Use tracker.exe to proxy execution of an arbitrary DLL into another process. Since tracker.exe is also signed it can be used to bypass application whitelisting solutions.

Tracker.exe /d .\calc.dll /c C:\Windows\write.exe

Usecase:Injection of locally stored DLL file into target process.
Privileges required:User
OS:Windows
Mitre:T1218

AWL bypass

Use tracker.exe to proxy execution of an arbitrary DLL into another process. Since tracker.exe is also signed it can be used to bypass application whitelisting solutions.

Tracker.exe /d .\calc.dll /c C:\Windows\write.exe

Usecase:Injection of locally stored DLL file into target process.
Privileges required:User
OS:Windows
Mitre:T1218

.. / Tracker.exe Star

Execute

AWL bypass

.. / Tracker.exe
Star