NtObjectManager

1.1.28

This module adds a provider and cmdlets to access the NT object manager namespace.

Minimum PowerShell version

3.0

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name NtObjectManager

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deloy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Author(s)

James Forshaw

Copyright

(c) 2016-2020 Google Inc. All rights reserved.

Owners

Tags

security defence offence sandbox

Cmdlets

Add-NtKeyHive Get-NtDirectory Get-NtEvent Get-NtFile Get-NtFileReparsePoint Get-NtHandle Get-NtKey Get-NtMutant Get-NtNamedPipeFile Get-NtObject Get-NtProcess Get-NtSemaphore Get-NtStatus Get-NtSymbolicLink Get-NtSymbolicLinkTarget Get-NtThread Get-NtToken Get-NtType New-NtDirectory New-NtEvent New-NtFile New-NtKey New-NtMailslotFile New-NtMutant New-NtNamedPipeFile New-NtSecurityDescriptor New-NtSemaphore New-NtSymbolicLink Remove-NtFileReparsePoint Start-NtWait Use-NtObject Get-NtSid Get-NtSection New-NtSection Get-AccessibleAlpcPort Get-AccessibleKey Get-AccessibleProcess Get-AccessibleFile Get-AccessibleObject Get-NtAccessMask Get-AccessibleDevice Get-AccessibleNamedPipe Get-NtGrantedAccess Get-NtJob New-NtJob Get-AccessibleService Get-AccessibleHandle Remove-NtKeyHive New-NtToken Remove-NtFile Get-NtDirectoryChild Get-NtKeyChild Add-DosDevice Remove-DosDevice Get-NtFileChild Set-NtFileReparsePoint Get-NtPartition New-NtPartition Get-NtWaitTimeout New-NtTransaction Get-NtTransaction New-NtTransactionManager Get-NtTransactionManager Connect-NtAlpcClient New-NtAlpcServer New-NtAlpcPortAttributes New-NtAlpcMessage Send-NtAlpcMessage Receive-NtAlpcMessage Connect-NtAlpcServer New-NtAlpcReceiveAttributes New-NtAlpcSendAttributes New-NtAlpcPortSection New-NtAlpcDataView New-NtAlpcSecurityContext New-NtDebug Get-NtDebug Start-NtDebugWait Add-NtDebugProcess Remove-NtDebugProcess Copy-NtObject New-NtResourceManager Get-NtResourceManager Get-NtTransactionGuid Get-NtEnlistment New-NtEnlistment Get-RpcServerName Set-RpcServerName Set-NtFileHardlink Test-NetworkAccess Get-AccessibleScheduledTask Compare-RpcServer Select-RpcServer Add-NtTokenSecurityAttribute Remove-NtTokenSecurityAttribute Get-AccessibleEventTrace Test-NtTokenImpersonation Get-AccessibleToken Set-NtProcessJob Get-AccessibleWnf Get-AccessibleWindowStation Get-NtProcessJob Get-NtWindowStation Get-NtDesktop New-NtWindowStation New-NtDesktop Get-Win32Error Set-NtKeyValue Remove-NtKey Get-NtObjectInformation Set-NtObjectInformation Test-NtTokenPrivilege Format-NtJob Add-NtSecurityDescriptorAce New-NtSecurityAttribute Remove-NtSecurityDescriptorAce Invoke-NtToken Set-Win32SecurityDescriptor Reset-Win32SecurityDescriptor Search-Win32SecurityDescriptor Get-Win32SecurityDescriptor Compare-NtSid Test-NtAceCondition Test-NtTokenGroup Test-NtAccessMask Grant-NtAccessMask Revoke-NtAccessMask Select-NtSecurityDescriptorAce Write-NtAudit New-AuthZResourceManager New-AuthZContext Get-AuthZGrantedAccess Add-AuthZSid Remove-AuthZSid Set-NtToken Get-NtTokenDefaultDacl Set-NtTokenDefaultDacl

Functions

Get-AccessibleAlpcPort Set-NtTokenPrivilege Set-NtTokenIntegrityLevel Get-NtProcessMitigations New-NtKernelCrashDump New-NtObjectAttributes New-NtSecurityQualityOfService Get-NtLicenseValue Get-NtSystemEnvironmentValue New-Win32Process New-NtEaBuffer New-NtSectionImage New-Win32ProcessConfig Get-NtTokenFromProcess Get-ExecutableManifest New-NtProcess New-NtProcessConfig Get-NtFilePath Show-NtTokenEffective Show-NtSecurityDescriptor Get-NtIoControlCode Import-NtObject Export-NtObject Get-ExecutionAlias Set-ExecutionAlias Show-NtToken Show-NtSection Resolve-NtObjectAddress Get-NtSecurityDescriptor Get-NtSecurityDescriptorIntegrityLevel Set-NtSecurityDescriptor Add-NtVirtualMemory Get-NtVirtualMemory Remove-NtVirtualMemory Set-NtVirtualMemory Read-NtVirtualMemory Write-NtVirtualMemory Get-EmbeddedAuthenticodeSignature Get-NtSidName New-SymbolResolver New-NdrParser Format-NdrComplexType Format-NdrProcedure Format-NdrComProxy Get-NdrComProxy Get-NdrRpcServerInterface Format-NdrRpcServerInterface Get-NtMappedSection Get-NtWnf Get-NtCachedSigningLevel Add-NtSecurityDescriptorDaclAce Get-NtFilePathType New-NtType Get-NtAlpcServer Get-RpcEndpoint Get-RpcServer Set-GlobalSymbolResolver Get-RunningService Copy-NtToken Get-RpcAlpcServer Get-NtObjectFromHandle Start-Win32ChildProcess Get-NtKeyValue Start-NtFileOplock Format-RpcServer Get-NtProcessMitigationPolicy Set-NtProcessMitigationPolicy Format-NtSecurityDescriptor Get-AppContainerProfile New-AppContainerProfile Get-RpcClient Format-RpcClient Set-RpcServer Connect-RpcClient New-RpcContextHandle Format-RpcComplexType Get-Win32File Close-NtObject Start-AccessibleScheduledTask Get-NtEaBuffer Set-NtEaBuffer Suspend-NtProcess Resume-NtProcess Stop-NtProcess Suspend-NtThread Resume-NtThread Stop-NtThread Format-NtToken Remove-NtTokenPrivilege Get-NtTokenPrivilege Get-NtLocallyUniqueId Get-NtTokenGroup Get-NtTokenSid Set-NtTokenSid Set-NtTokenGroup Get-NtDesktopName Get-NtWindowStationName Get-NtWindow Out-HexDump Get-NtTypeAccess Get-NtAtom Add-NtAtom Remove-NtAtom Import-Win32Module Get-Win32Module Get-Win32ModuleExport Get-Win32ModuleImport Get-NtDirectoryEntry Remove-NtKeyValue Read-AuthCredential Get-AuthPackage Get-AuthCredentialHandle Get-AuthServerContext Get-AuthClientContext Update-AuthServerContext Update-AuthClientContext Get-AuthAccessToken Get-NtKernelModule Get-NtObjectInformationClass Add-NtSection Remove-NtSection Compare-NtObject Edit-NtSecurityDescriptor Set-NtSecurityDescriptorOwner Set-NtSecurityDescriptorGroup Set-NtSecurityDescriptorIntegrityLevel ConvertFrom-NtAceCondition ConvertFrom-NtSecurityDescriptor Remove-NtSecurityDescriptorOwner Remove-NtSecurityDescriptorGroup New-NtUserGroup New-NtAcl Set-NtSecurityDescriptorDacl Set-NtSecurityDescriptorSacl Copy-NtSecurityDescriptor Test-NtSecurityDescriptor Get-NtSecurityDescriptorOwner Get-NtSecurityDescriptorGroup Get-NtSecurityDescriptorDacl Get-NtSecurityDescriptorSacl Set-NtSecurityDescriptorControl Get-NtSecurityDescriptorControl Remove-NtSecurityDescriptorDacl Remove-NtSecurityDescriptorSacl Remove-NtSecurityDescriptorIntegrityLevel Add-NtSecurityDescriptorControl Remove-NtSecurityDescriptorControl Format-Win32SecurityDescriptor New-ObjectTypeTree Add-ObjectTypeTree ConvertTo-NtAceCondition Get-NtTokenMandatoryPolicy Clear-NtSecurityDescriptorDacl Clear-NtSecurityDescriptorSacl Get-CentralAccessPolicy Remove-ObjectTypeTree Set-ObjectTypeTreeAccess Revoke-ObjectTypeTreeAccess Select-ObjectTypeTree Test-NtObject Get-NtTokenIntegrityLevel Get-NtAuditPolicy Set-NtAuditPolicy Get-NtAuditSecurity Set-NtAuditSecurity Format-AuthToken Get-AuthToken Test-AuthContext Get-NtLogonSession Get-NtAccountRight Get-NtAccountRightSid Get-NtConsoleSession Get-ServicePrincipalName Get-NtTokenId Get-AuthCredential Export-AuthToken Import-AuthToken Get-MD4Hash Format-ASN1DER Import-KerberosKeyTab Export-KerberosKeyTab New-KerberosKey Get-KerberosKey Unprotect-AuthToken Get-KerberosTicket Get-NdrComplexType

Dependencies

This module has no dependencies.

Release Notes

1.1.28
--------
* Added Import-Win32Module and Get-Win32Module.
* Added support for Registry Keys in the NtObjectManager provider.
* Added Get-NtDirectoryEntry.
* Added Win32 CreateRemoteThread.
* Added addition Registry Key functions.
* Added Network Authentication commands.
* Added Authentication Token formatting commands.
* Added new filtering features to TokenViewer.
* Improved cmdlets for getting and setting object information classes.
* Added Add-NtSection and Remove-NtSection.
* Added Compare-NtObject.
* Added Test-NtTokenPrivilege.
* Added type parsing from PDBs via SymbolResolver.
* Added a summary format to Format-NtSecurityDescriptor.
* Added Out-HexDump.
* Added C# compiler support for .NET Core Support of Get-RpcClient.
* Updated New-NtSecurityDescriptor and Edit-NtSecurityDescriptor.
* Basic C++ NDR formatting from irsl@.
* Added Format-NtJob.
* Added New-NtSecurityAttribute and Get-NtAceConditionData.
* Added Device/User Claims to Token Viewer and Format-NtToken.
* Added many different commands to manipulate Security Descriptors.
* Added Win32 Security Descriptor commands.
* Added filtering for accessible path commands.
* Added Audit support.
* Added basic AuthZ API support.
* Added basic ASN.1 DER parsing and Format-ASN1DER command.
* Added Kerberos Keytab file reading and writing.

Version History

Version Downloads Last updated
1.1.28 (current version) 151 6/30/2020
1.1.27 2,117 2/10/2020
1.1.26 417 1/21/2020
1.1.25 427 1/2/2020
1.1.24 476 12/10/2019
1.1.23 920 10/15/2019
1.1.22 2,369 4/30/2019
1.1.21 49 4/23/2019
1.1.20 437 3/9/2019
1.1.19 177 2/4/2019
1.1.18 17 2/4/2019
1.1.17 618 9/9/2018
1.1.16 161 8/1/2018
1.1.15 195 6/18/2018
1.1.14 236 5/1/2018
1.1.13 94 4/4/2018
1.1.12 227 3/19/2018
1.1.11 80 3/4/2018
1.1.10 23 3/1/2018
1.1.9 57 2/22/2018
1.1.8 75 2/6/2018
1.1.7 83 1/11/2018
1.1.6 88 12/3/2017
1.1.5 33 11/23/2017
1.1.4 55 11/14/2017
1.1.3 39 11/5/2017
1.1.2 84 10/11/2017
1.1.1 134 8/30/2017
1.1.0 8 8/30/2017
1.0.9 75 8/19/2017
1.0.8 48 8/7/2017
1.0.7 142 6/14/2017
1.0.6 216 5/24/2017
1.0.5 12 5/24/2017
1.0.4 25 5/17/2017
1.0.3 77 2/23/2017
1.0.2 32 2/8/2017
1.0.1 192 11/3/2016
1.0 97 11/1/2016