NtObjectManager

2.0.1

This module adds a provider and cmdlets to access the NT object manager namespace.

Minimum PowerShell version

3.0

Installation Options

Copy and paste the following command to install this package using PowerShellGet:

Install-Module -Name NtObjectManager

Copy and paste the following command to install this package using Microsoft.PowerShell.PSResourceGet:

Install-PSResource -Name NtObjectManager

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation.

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies.

Copyright

(c) 2016-2023 Google LLC. All rights reserved.

Package Details

Author(s)

  • James Forshaw

Tags

security defence offence sandbox

Cmdlets

Add-NtKeyHive Get-NtDirectory Get-NtEvent Get-NtFile Get-NtFileReparsePoint Get-NtHandle Get-NtKey Get-NtMutant Get-NtNamedPipeFile Get-NtObject Get-NtProcess Get-NtSemaphore Get-NtStatus Get-NtSymbolicLink Get-NtSymbolicLinkTarget Get-NtThread Get-NtToken Get-NtType New-NtDirectory New-NtEvent New-NtFile New-NtKey New-NtMailslotFile New-NtMutant New-NtNamedPipeFile New-NtSecurityDescriptor New-NtSemaphore New-NtSymbolicLink Remove-NtFileReparsePoint Start-NtWait Use-NtObject Get-NtSid Get-NtSection New-NtSection Get-AccessibleAlpcPort Get-AccessibleKey Get-AccessibleProcess Get-AccessibleFile Get-AccessibleObject Get-NtAccessMask Get-AccessibleDevice Get-AccessibleNamedPipe Get-NtGrantedAccess Get-NtJob New-NtJob Get-AccessibleService Get-AccessibleHandle Remove-NtKeyHive New-NtToken Remove-NtFile Get-NtDirectoryChild Get-NtKeyChild Add-DosDevice Remove-DosDevice Get-NtFileChild Set-NtFileReparsePoint Get-NtPartition New-NtPartition Get-NtWaitTimeout New-NtTransaction Get-NtTransaction New-NtTransactionManager Get-NtTransactionManager Connect-NtAlpcClient New-NtAlpcServer New-NtAlpcPortAttributes New-NtAlpcMessage Send-NtAlpcMessage Receive-NtAlpcMessage Connect-NtAlpcServer New-NtAlpcReceiveAttributes New-NtAlpcSendAttributes New-NtAlpcPortSection New-NtAlpcDataView New-NtAlpcSecurityContext New-NtDebug Get-NtDebug Start-NtDebugWait Add-NtDebugProcess Remove-NtDebugProcess Copy-NtObject New-NtResourceManager Get-NtResourceManager Get-NtTransactionGuid Get-NtEnlistment New-NtEnlistment Get-RpcServerName Set-RpcServerName New-NtFileHardlink Test-NetworkAccess Get-AccessibleScheduledTask Compare-RpcServer Select-RpcServer Add-NtTokenSecurityAttribute Remove-NtTokenSecurityAttribute Get-AccessibleEventTrace Test-NtTokenImpersonation Get-AccessibleToken Set-NtProcessJob Get-AccessibleWnf Get-AccessibleWindowStation Get-NtProcessJob Get-NtWindowStation Get-NtDesktop New-NtWindowStation New-NtDesktop Get-Win32Error Set-NtKeyValue Remove-NtKey Get-NtObjectInformation 
Set-NtObjectInformation Test-NtTokenPrivilege Format-NtJob Add-NtSecurityDescriptorAce New-NtSecurityAttribute Remove-NtSecurityDescriptorAce Invoke-NtToken Set-Win32SecurityDescriptor Reset-Win32SecurityDescriptor Search-Win32SecurityDescriptor Get-Win32SecurityDescriptor Compare-NtSid Test-NtAceCondition Test-NtTokenGroup Test-NtAccessMask Grant-NtAccessMask Revoke-NtAccessMask Select-NtSecurityDescriptorAce Write-NtAudit New-AuthZResourceManager New-AuthZContext Get-AuthZGrantedAccess Add-AuthZSid Remove-AuthZSid Set-NtToken Get-NtTokenDefaultDacl Set-NtTokenDefaultDacl Get-NtKeySymbolicLinkTarget New-NtKeySymbolicLink Rename-NtFile Get-NtFileVolumeInformation Set-NtFileVolumeInformation Send-NtFileControl Get-NtFileAttribute Set-NtFileAttribute Get-NtFileShareProcess Get-NtFileCompression Set-NtFileCompression Get-NtFileLink Get-NtFileStream Get-NtFileObjectId Get-NtFileId Set-NtFileObjectId Remove-NtFileObjectId Get-NtFileFinalPath Add-NtThreadApc New-NtThread New-NtEnclave Get-RandomByte Get-RunningScheduledTask Set-Win32ServiceConfig ConvertTo-NtSecurityDescriptor Compare-NtSecurityDescriptor Clear-AuthZSid Get-AccessibleDsObject Get-Win32GrantedAccess Get-AccessibleFwObject New-KerberosKdcProxy Get-RpcProcess

Functions

Get-AccessibleAlpcPort Set-NtTokenPrivilege Set-NtTokenIntegrityLevel Get-NtProcessMitigations New-NtKernelCrashDump New-NtObjectAttributes New-NtSecurityQualityOfService Get-NtLicenseValue Get-NtSystemEnvironmentValue New-Win32Process New-NtEaBuffer New-NtSectionImage New-Win32ProcessConfig Get-NtTokenFromProcess Get-Win32ModuleManifest New-NtProcess New-NtProcessConfig Get-NtFilePath Show-NtTokenEffective Show-NtSecurityDescriptor Get-NtIoControlCode Import-NtObject Export-NtObject Get-ExecutionAlias Set-ExecutionAlias Show-NtToken Show-NtSection Resolve-NtObjectAddress Get-NtSecurityDescriptor Get-NtSecurityDescriptorIntegrityLevel Set-NtSecurityDescriptor Add-NtVirtualMemory Get-NtVirtualMemory Remove-NtVirtualMemory Set-NtVirtualMemory Read-NtVirtualMemory Write-NtVirtualMemory Get-EmbeddedAuthenticodeSignature Get-NtSidName New-SymbolResolver New-NdrParser Format-NdrComplexType Format-NdrProcedure Format-NdrComProxy Get-NdrComProxy Get-NdrRpcServerInterface Format-NdrRpcServerInterface Get-NtWnf Get-NtCachedSigningLevel Get-NtFilePathType New-NtType Get-NtAlpcServer Get-RpcEndpoint Get-RpcServer Set-GlobalSymbolResolver Copy-NtToken Get-RpcAlpcServer Get-NtObjectFromHandle Start-Win32ChildProcess Get-NtKeyValue Start-NtFileOplock Format-RpcServer Get-NtProcessMitigationPolicy Set-NtProcessMitigationPolicy Format-NtSecurityDescriptor Get-AppContainerProfile New-AppContainerProfile Get-RpcClient Format-RpcClient Set-RpcServer Connect-RpcClient New-RpcContextHandle Format-RpcComplexType Get-Win32File Close-NtObject Start-AccessibleScheduledTask Get-NtFileEa Set-NtFileEa Suspend-NtProcess Resume-NtProcess Stop-NtProcess Suspend-NtThread Resume-NtThread Stop-NtThread Format-NtToken Remove-NtTokenPrivilege Get-NtTokenPrivilege Get-NtLocallyUniqueId Get-NtTokenGroup Get-NtTokenSid Set-NtTokenSid Set-NtTokenGroup Get-NtDesktopName Get-NtWindowStationName Get-NtWindow Format-HexDump Get-NtTypeAccess Get-NtAtom Add-NtAtom Remove-NtAtom Import-Win32Module 
Get-Win32Module Get-Win32ModuleExport Get-Win32ModuleImport Get-NtDirectoryEntry Remove-NtKeyValue Read-LsaCredential Get-LsaPackage New-LsaCredentialHandle New-LsaServerContext New-LsaClientContext Update-LsaServerContext Update-LsaClientContext Get-LsaAccessToken Get-NtKernelModule Get-NtObjectInformationClass Add-NtSection Remove-NtSection Compare-NtObject Edit-NtSecurityDescriptor Set-NtSecurityDescriptorOwner Set-NtSecurityDescriptorGroup Set-NtSecurityDescriptorIntegrityLevel ConvertFrom-NtAceCondition ConvertFrom-NtSecurityDescriptor Remove-NtSecurityDescriptorOwner Remove-NtSecurityDescriptorGroup New-NtUserGroup New-NtAcl Set-NtSecurityDescriptorDacl Set-NtSecurityDescriptorSacl Copy-NtSecurityDescriptor Test-NtSecurityDescriptor Get-NtSecurityDescriptorOwner Get-NtSecurityDescriptorGroup Get-NtSecurityDescriptorDacl Get-NtSecurityDescriptorSacl Set-NtSecurityDescriptorControl Get-NtSecurityDescriptorControl Remove-NtSecurityDescriptorDacl Remove-NtSecurityDescriptorSacl Remove-NtSecurityDescriptorIntegrityLevel Add-NtSecurityDescriptorControl Remove-NtSecurityDescriptorControl Format-Win32SecurityDescriptor New-ObjectTypeTree Add-ObjectTypeTree ConvertTo-NtAceCondition Get-NtTokenMandatoryPolicy Clear-NtSecurityDescriptorDacl Clear-NtSecurityDescriptorSacl Get-CentralAccessPolicy Remove-ObjectTypeTree Set-ObjectTypeTreeAccess Revoke-ObjectTypeTreeAccess Select-ObjectTypeTree Test-NtObject Get-NtTokenIntegrityLevel Get-NtAuditPolicy Set-NtAuditPolicy Get-NtAuditSecurity Set-NtAuditSecurity Format-LsaAuthToken Get-LsaAuthToken Test-LsaContext Get-NtLogonSession Get-NtAccountRight Get-NtAccountRightSid Get-NtConsoleSession Get-ServicePrincipalName Get-NtTokenId Get-LsaCredential Export-LsaAuthToken Import-LsaAuthToken Get-MD4Hash Format-ASN1DER Import-KerberosKeyTab Export-KerberosKeyTab New-KerberosKey Get-KerberosKey Unprotect-LsaAuthToken Get-KerberosTicket Get-NdrComplexType Get-NtProcessUser Get-NtProcessEnvironment Split-Win32CommandLine 
Send-NtWindowMessage Get-NtKeyHive Backup-NtKey Restore-NtKey Enable-NtTokenVirtualization Disable-NtTokenVirtualization Read-NtFile Write-NtFile Get-FilterConnectionPort Get-FilterDriver Get-FilterDriverInstance Get-FilterDriverVolume Get-FilterDriverVolumeInstance Add-NtEaBuffer Remove-NtFileEa Get-NtDeviceSetupClass Get-NtDeviceNode Get-NtDeviceInterfaceClass Get-NtDeviceProperty Get-NtDeviceNodeChild Get-NtDeviceInterfaceInstance Get-NtDeviceNodeParent Get-NtDeviceNodeStack Get-NtFileItem Get-NtFileChange Lock-NtFile Unlock-NtFile Get-NtFileDisposition Set-NtFileDisposition Wait-AsyncTaskResult Get-NtFile8dot3Name Send-FilterConnectionPort Test-NtFileDriverPath Get-NtMountPoint New-NtFileReparseBuffer Get-NtFileQuota Set-NtFileQuota Read-NtFileUsnJournal Confirm-NtFileOplock Start-AppModelApplication Get-NtThreadContext Set-NtThreadContext Remove-AppContainerProfile Get-AppModelApplicationPolicy Test-NtProcessJob Get-AppxDesktopBridge Stop-NtJob Get-NtThreadWorkOnBehalfTicket Set-NtThreadWorkOnBehalfTicket Get-NtThreadContainerId Set-NtThreadContainer Clear-NtThreadWorkOnBehalfTicket Compare-NtSigningLevel Get-NtSystemInformation Get-NtSigningLevel Get-X509Certificate Set-NtCachedSigningLevel Invoke-NtEnclave Add-NtAccountRight Remove-NtAccountRight Start-Win32DebugConsole Get-Win32Service Test-NtProcess Get-NtApiSet Clear-NtSidName Add-NtSidName Remove-NtSidName New-Win32Service Remove-Win32Service Test-NtTokenCapability New-Win32DebugConsole Read-Win32DebugConsole Get-Win32ServiceSecurityDescriptor Disconnect-RpcClient Enable-NtTokenPrivilege Disable-NtTokenPrivilege Get-Win32ModuleSymbolFile Get-RpcStringBinding Start-Win32Service Get-Win32ServiceConfig Get-LsaContextSignature Test-LsaContextSignature Protect-LsaContextMessage Unprotect-LsaContextMessage New-LsaSecurityBuffer Get-LsaSchannelCredential Get-LsaCredSSPCredential ConvertFrom-LsaSecurityBuffer ConvertFrom-NtSid Get-AppModelLoopbackException Add-AppModelLoopbackException 
Remove-AppModelLoopbackException Get-NtSDKName Wait-Win32Service Send-Win32Service Get-Win32ServiceTrigger Set-Win32ServiceSecurityDescriptor Restart-Win32Service Test-Win32Service Format-KerberosTicket ConvertFrom-HexDump Get-Win32ModuleResource Get-LsaPolicy Connect-SamServer Get-SamDomain Get-SamUser Get-SamAlias Get-SamGroup Get-LsaPrivateData Set-LsaPrivateData Get-LsaAccount Get-LsaTrustedDomain Get-LsaSecret Get-SamAliasMember Get-SamGroupMember Get-DsExtendedRight Get-DsSchemaClass Get-LsaName Get-LsaSid Protect-RC4 Get-DsObjectSid Get-DsObjectSchemaClass ConvertTo-ObjectTypeTree Get-DsSchemaAttribute Get-DsHeuristics New-SamUser Get-DsSDRightsEffective Search-DsObjectSid Get-Win32Credential Backup-Win32Credential Select-BinaryString Get-FwEngine Get-FwLayer Get-FwFilter Get-FwSubLayer Remove-FwFilter Format-FwFilter New-FwConditionBuilder Add-FwFilter Get-FwGuid New-FwFilterTemplate Get-FwAleEndpoint Get-FwToken Get-SocketSecurity Set-SocketSecurity Set-SocketPeerTargetName Get-IkeSecurityAssociation Get-FwSession Reset-NtTokenGroup Enable-NtTokenGroup Disable-NtTokenGroup Get-FwNetEvent Read-FwNetEvent New-FwNetEventListener Start-FwNetEventListener Get-IPsecSaContext Get-FwEngineOption Set-FwEngineOption New-FwNetEventTemplate Add-FwCondition Get-FwCallout Add-RpcClientSecurityContext Set-RpcClientSecurityContext Get-RpcClientSecurityContext Get-RpcServicePrincipalName Get-FwProvider Update-Win32Environment New-KerberosChecksum New-KerberosPrincipalName New-KerberosAuthenticator New-KerberosApRequest New-KerberosTicket Add-KerberosTicket Remove-KerberosTicket New-KerberosTicketCache Remove-Win32Credential Set-Win32Credential Protect-Win32Credential Unprotect-Win32Credential Rename-KerberosTicket New-KerberosError Add-KerberosKdcPin Clear-KerberosKdcPin Test-NtSid New-KerberosTgsRequest Send-KerberosKdcRequest New-KerberosAsRequest New-KerberosKdcServer New-KerberosKdcServerUser New-KerberosAuthorizationData Resolve-KerberosKdcAddress Get-ASN1DER 
New-ASN1DER New-KerberosKeyTab Export-KerberosTicketCache Import-KerberosTicketCache Export-KerberosTicket Import-KerberosTicket New-Win32MemoryBuffer Get-HyperVSocketTable New-RpcTransportSecurity Get-RpcInterface New-RpcClientTransportConfig Get-HyperVSocketAddress Get-RpcClientAssociationGroupId Get-ComProxyFile Format-ComProxyFile

Dependencies

This module has no dependencies.

Release Notes

2.0.1.
--------
* Improvements to RPC tooling.

NOTE: This version is a major refactor of the code. Scripts which only use exposed PowerShell commands
should work when upgrading from v1 to v2, however if you use internal APIs it will almost certainly
not work due to refactoring and renaming. Going forward it's recommended to not rely on internal
APIs to work across releases.

Version History

Version Downloads Last updated
2.0.1 (current version) 14,698 11/15/2023
2.0.0 3,878 9/12/2023
2.0.0-alpha2... 21 8/31/2023
1.1.33 42,085 1/22/2022
1.1.32 52,757 8/18/2021
1.1.31 4,545 3/16/2021
1.1.30 1,028 1/15/2021
1.1.29 996 11/23/2020
1.1.28 2,212 6/30/2020
1.1.27 2,171 2/10/2020
1.1.26 488 1/21/2020
1.1.25 486 1/2/2020
1.1.24 511 12/10/2019
1.1.23 959 10/15/2019
1.1.22 2,608 4/30/2019
1.1.21 197 4/23/2019
1.1.20 998 3/9/2019
1.1.19 206 2/4/2019
1.1.18 39 2/4/2019
1.1.17 664 9/9/2018
1.1.16 186 8/1/2018
1.1.15 236 6/18/2018
1.1.14 350 5/1/2018
1.1.13 115 4/4/2018
1.1.12 330 3/19/2018
1.1.11 137 3/4/2018
1.1.10 47 3/1/2018
1.1.9 81 2/22/2018
1.1.8 95 2/6/2018
1.1.7 104 1/11/2018
1.1.6 111 12/3/2017
1.1.5 54 11/23/2017
1.1.4 79 11/14/2017
1.1.3 70 11/5/2017
1.1.2 137 10/11/2017
1.1.1 350 8/30/2017
1.1.0 39 8/30/2017
1.0.9 98 8/19/2017
1.0.8 70 8/7/2017
1.0.7 201 6/14/2017
1.0.6 282 5/24/2017
1.0.5 35 5/24/2017
1.0.4 47 5/17/2017
1.0.3 99 2/23/2017
1.0.2 52 2/8/2017
1.0.1 280 11/3/2016
1.0 142 11/1/2016