NtObjectManager

Owners

• tyranid

Tags

security defence offence sandbox

Cmdlets

Add-NtKeyHive Get-NtDirectory Get-NtEvent Get-NtFile Get-NtFileReparsePoint Get-NtHandle Get-NtKey Get-NtMutant Get-NtNamedPipeFile Get-NtObject Get-NtProcess Get-NtSemaphore Get-NtStatus Get-NtSymbolicLink Get-NtSymbolicLinkTarget Get-NtThread Get-NtToken Get-NtType New-NtDirectory New-NtEvent New-NtFile New-NtKey New-NtMailslotFile New-NtMutant New-NtNamedPipeFile New-NtSecurityDescriptor New-NtSemaphore New-NtSymbolicLink Remove-NtFileReparsePoint Start-NtWait Use-NtObject Get-NtSid Get-NtSection New-NtSection Get-AccessibleAlpcPort Get-AccessibleKey Get-AccessibleProcess Get-AccessibleFile Get-AccessibleObject Get-NtAccessMask Get-AccessibleDevice Get-AccessibleNamedPipe Get-NtGrantedAccess Get-NtJob New-NtJob Get-AccessibleService Get-AccessibleHandle Remove-NtKeyHive New-NtToken Remove-NtFile Get-NtDirectoryChild Get-NtKeyChild Add-DosDevice Remove-DosDevice Get-NtFileChild Set-NtFileReparsePoint Get-NtPartition New-NtPartition Get-NtWaitTimeout New-NtTransaction Get-NtTransaction New-NtTransactionManager Get-NtTransactionManager Connect-NtAlpcClient New-NtAlpcServer New-NtAlpcPortAttributes New-NtAlpcMessage Send-NtAlpcMessage Receive-NtAlpcMessage Connect-NtAlpcServer New-NtAlpcReceiveAttributes New-NtAlpcSendAttributes New-NtAlpcPortSection New-NtAlpcDataView New-NtAlpcSecurityContext New-NtDebug Get-NtDebug Start-NtDebugWait Add-NtDebugProcess Remove-NtDebugProcess Copy-NtObject New-NtResourceManager Get-NtResourceManager Get-NtTransactionGuid Get-NtEnlistment New-NtEnlistment Get-RpcServerName Set-RpcServerName New-NtFileHardlink Test-NetworkAccess Get-AccessibleScheduledTask Compare-RpcServer Select-RpcServer Add-NtTokenSecurityAttribute Remove-NtTokenSecurityAttribute Get-AccessibleEventTrace Test-NtTokenImpersonation Get-AccessibleToken Set-NtProcessJob Get-AccessibleWnf Get-AccessibleWindowStation Get-NtProcessJob Get-NtWindowStation Get-NtDesktop New-NtWindowStation New-NtDesktop Get-Win32Error Set-NtKeyValue Remove-NtKey Get-NtObjectInformation Set-NtObjectInformation Test-NtTokenPrivilege Format-NtJob Add-NtSecurityDescriptorAce New-NtSecurityAttribute Remove-NtSecurityDescriptorAce Invoke-NtToken Set-Win32SecurityDescriptor Reset-Win32SecurityDescriptor Search-Win32SecurityDescriptor Get-Win32SecurityDescriptor Compare-NtSid Test-NtAceCondition Test-NtTokenGroup Test-NtAccessMask Grant-NtAccessMask Revoke-NtAccessMask Select-NtSecurityDescriptorAce Write-NtAudit New-AuthZResourceManager New-AuthZContext Get-AuthZGrantedAccess Add-AuthZSid Remove-AuthZSid Set-NtToken Get-NtTokenDefaultDacl Set-NtTokenDefaultDacl Get-NtKeySymbolicLinkTarget New-NtKeySymbolicLink Rename-NtFile Get-NtFileVolumeInformation Set-NtFileVolumeInformation Send-NtFileControl Get-NtFileAttribute Set-NtFileAttribute Get-NtFileShareProcess Get-NtFileCompression Set-NtFileCompression Get-NtFileLink Get-NtFileStream Get-NtFileObjectId Get-NtFileId Set-NtFileObjectId Remove-NtFileObjectId Get-NtFileFinalPath Add-NtThreadApc New-NtThread New-NtEnclave Get-RandomByte Get-RunningScheduledTask

Functions

Get-AccessibleAlpcPort Set-NtTokenPrivilege Set-NtTokenIntegrityLevel Get-NtProcessMitigations New-NtKernelCrashDump New-NtObjectAttributes New-NtSecurityQualityOfService Get-NtLicenseValue Get-NtSystemEnvironmentValue New-Win32Process New-NtEaBuffer New-NtSectionImage New-Win32ProcessConfig Get-NtTokenFromProcess Get-ExecutableManifest New-NtProcess New-NtProcessConfig Get-NtFilePath Show-NtTokenEffective Show-NtSecurityDescriptor Get-NtIoControlCode Import-NtObject Export-NtObject Get-ExecutionAlias Set-ExecutionAlias Show-NtToken Show-NtSection Resolve-NtObjectAddress Get-NtSecurityDescriptor Get-NtSecurityDescriptorIntegrityLevel Set-NtSecurityDescriptor Add-NtVirtualMemory Get-NtVirtualMemory Remove-NtVirtualMemory Set-NtVirtualMemory Read-NtVirtualMemory Write-NtVirtualMemory Get-EmbeddedAuthenticodeSignature Get-NtSidName New-SymbolResolver New-NdrParser Format-NdrComplexType Format-NdrProcedure Format-NdrComProxy Get-NdrComProxy Get-NdrRpcServerInterface Format-NdrRpcServerInterface Get-NtMappedSection Get-NtWnf Get-NtCachedSigningLevel Add-NtSecurityDescriptorDaclAce Get-NtFilePathType New-NtType Get-NtAlpcServer Get-RpcEndpoint Get-RpcServer Set-GlobalSymbolResolver Get-RunningService Copy-NtToken Get-RpcAlpcServer Get-NtObjectFromHandle Start-Win32ChildProcess Get-NtKeyValue Start-NtFileOplock Format-RpcServer Get-NtProcessMitigationPolicy Set-NtProcessMitigationPolicy Format-NtSecurityDescriptor Get-AppContainerProfile New-AppContainerProfile Get-RpcClient Format-RpcClient Set-RpcServer Connect-RpcClient New-RpcContextHandle Format-RpcComplexType Get-Win32File Close-NtObject Start-AccessibleScheduledTask Get-NtFileEa Set-NtFileEa Suspend-NtProcess Resume-NtProcess Stop-NtProcess Suspend-NtThread Resume-NtThread Stop-NtThread Format-NtToken Remove-NtTokenPrivilege Get-NtTokenPrivilege Get-NtLocallyUniqueId Get-NtTokenGroup Get-NtTokenSid Set-NtTokenSid Set-NtTokenGroup Get-NtDesktopName Get-NtWindowStationName Get-NtWindow Out-HexDump Get-NtTypeAccess Get-NtAtom Add-NtAtom Remove-NtAtom Import-Win32Module Get-Win32Module Get-Win32ModuleExport Get-Win32ModuleImport Get-NtDirectoryEntry Remove-NtKeyValue Read-AuthCredential Get-AuthPackage Get-AuthCredentialHandle Get-AuthServerContext Get-AuthClientContext Update-AuthServerContext Update-AuthClientContext Get-AuthAccessToken Get-NtKernelModule Get-NtObjectInformationClass Add-NtSection Remove-NtSection Compare-NtObject Edit-NtSecurityDescriptor Set-NtSecurityDescriptorOwner Set-NtSecurityDescriptorGroup Set-NtSecurityDescriptorIntegrityLevel ConvertFrom-NtAceCondition ConvertFrom-NtSecurityDescriptor Remove-NtSecurityDescriptorOwner Remove-NtSecurityDescriptorGroup New-NtUserGroup New-NtAcl Set-NtSecurityDescriptorDacl Set-NtSecurityDescriptorSacl Copy-NtSecurityDescriptor Test-NtSecurityDescriptor Get-NtSecurityDescriptorOwner Get-NtSecurityDescriptorGroup Get-NtSecurityDescriptorDacl Get-NtSecurityDescriptorSacl Set-NtSecurityDescriptorControl Get-NtSecurityDescriptorControl Remove-NtSecurityDescriptorDacl Remove-NtSecurityDescriptorSacl Remove-NtSecurityDescriptorIntegrityLevel Add-NtSecurityDescriptorControl Remove-NtSecurityDescriptorControl Format-Win32SecurityDescriptor New-ObjectTypeTree Add-ObjectTypeTree ConvertTo-NtAceCondition Get-NtTokenMandatoryPolicy Clear-NtSecurityDescriptorDacl Clear-NtSecurityDescriptorSacl Get-CentralAccessPolicy Remove-ObjectTypeTree Set-ObjectTypeTreeAccess Revoke-ObjectTypeTreeAccess Select-ObjectTypeTree Test-NtObject Get-NtTokenIntegrityLevel Get-NtAuditPolicy Set-NtAuditPolicy Get-NtAuditSecurity Set-NtAuditSecurity Format-AuthToken Get-AuthToken Test-AuthContext Get-NtLogonSession Get-NtAccountRight Get-NtAccountRightSid Get-NtConsoleSession Get-ServicePrincipalName Get-NtTokenId Get-AuthCredential Export-AuthToken Import-AuthToken Get-MD4Hash Format-ASN1DER Import-KerberosKeyTab Export-KerberosKeyTab New-KerberosKey Get-KerberosKey Unprotect-AuthToken Get-KerberosTicket Get-NdrComplexType Get-NtProcessUser Get-NtProcessEnvironment Split-Win32CommandLine Send-NtWindowMessage Get-NtKeyHive Backup-NtKey Restore-NtKey Enable-NtTokenVirtualization Disable-NtTokenVirtualization Read-NtFile Write-NtFile Get-FilterConnectionPort Get-FilterDriver Get-FilterDriverInstance Get-FilterDriverVolume Get-FilterDriverVolumeInstance Add-NtEaBuffer Remove-NtFileEa Get-NtDeviceSetupClass Get-NtDeviceNode Get-NtDeviceInterfaceClass Get-NtDeviceProperty Get-NtDeviceNodeChild Get-NtDeviceInterfaceInstance Get-NtDeviceNodeParent Get-NtDeviceNodeStack Get-NtFileItem Get-NtFileChange Lock-NtFile Unlock-NtFile Get-NtFileDisposition Set-NtFileDisposition Wait-AsyncTaskResult Get-NtFile8dot3Name Send-FilterConnectionPort Test-NtFileDriverPath Get-NtMountPoint New-NtFileReparseBuffer Get-NtFileQuota Set-NtFileQuota Read-NtFileUsnJournal Confirm-NtFileOplock Start-AppModelApplication Get-NtThreadContext Set-NtThreadContext Remove-AppContainerProfile Get-AppModelApplicationPolicy Test-NtProcessJob Get-AppxDesktopBridge Stop-NtJob Get-NtThreadWorkOnBehalfTicket Set-NtThreadWorkOnBehalfTicket Get-NtThreadContainerId Set-NtThreadContainer Clear-NtThreadWorkOnBehalfTicket Compare-NtSigningLevel Get-NtSystemInformation Get-NtSigningLevel Get-X509Certificate Set-NtCachedSigningLevel Invoke-NtEnclave Add-NtAccountRight Remove-NtAccountRight Start-Win32DebugConsole Get-Win32Service Test-NtProcess Get-NtApiSet Clear-NtSidName Add-NtSidName Remove-NtSidName New-Win32Service Remove-Win32Service Test-NtTokenCapability New-Win32DebugConsole Read-Win32DebugConsole Get-Win32ServiceSecurityDescriptor

Dependencies

This module has no dependencies.

Release Notes

1.1.30
--------
* Fixed issue when displaying only a SACL with Format-NtSecurityDescriptor.
* Added basic named pipe support for RPC clients.
* Fixed issue enumerating per-user audit rules.
* Added view accessor for safe buffers.
* Improved debug tracing for RPC clients.
* Improved handling of paths with local files commands.
* Fixed path issue with Set-Win32SecurityDescriptor.
* Added querying trace providers from the WMI security key.