Releases: googleprojectzero/sandbox-attacksurface-analysis-tools
Updated to v1.1.25
1.1.25
- Added new options to Get-NtSecurityDescriptor.
- Updated accessible resource checking.
- Added Remove-NtTokenPrivilege.
- Added Session option to Get-NtToken.
- Added command line option to Show-NtToken.
- Added information classes for symbolic links.
Updated to v1.1.24
1.1.24
- Added Add-NtTokenSecurityAttribute and Remove-NtTokenSecurityAttribute cmdlets.
- Added additional properties for running services.
- Added support for drivers to Get-RunningService and Get-AccessibleService.
- Added fake service NtType objects for services and SCM to allow formatting and the UI.
- Added NtType property to security descriptors.
- Added option to Show-NtToken to elevate to admin.
- Added Suspend, Resume and Stop process commands.
- Added Get-NtEaBuffer and Set-NtEaBuffer commands.
- Added option to Get-NtDebug to get from a process.
Updated to v1.1.23
1.1.23
- Added basic ETW APIs.
- Added new thread properties.
- Added Close-NtObject function.
- Added Get-AccessibleScheduledTask cmdlet.
- Added typing for New-ExecutionAlias and renamed to Set-ExecutionAlias.
- Added Compare-RpcServer.
- Fixed handling of FQBN token security attributes.
- Added option to Format-RpcClient to output to a directory.
- Added Select-RpcServer cmdlet.
- Added RPC ALPC port brute force.
Updated to v1.1.22
1.1.22
- Removed old standalone utilities, everything should be accessible from PowerShell.
- Added Test-NetworkAccess cmdlet to replace CheckNetworkAccess utility.
- Added Set-NtFileHardlink cmdlet.
- Various fixes for RPC client code.
Updated to v1.1.21
1.1.21
- Various updates to the NDR parser, including new types and support for correlation expressions.
- Added complete transaction cmdlets.
- Added extended process creation flags for Win32Process.
- Added Format-NtSecurityDescriptor to display on the console.
- Added Copy-NtObject cmdlet.
- Added basic RPC ALPC client support.
- Added option to specify a debug object for a Win32 process.
- Added processor system information.
Updated to v1.1.20.
- Added basic ALPC support including cmdlets.
- Added better debug support including cmdlets.
- Display container access rights in SD GUI and also extract SACL if available.
- Added Set/Get-NtProcessMitigation policy to get specific policies.
- Exposed process mitigation policies using flag enums.
- Added Win32.AppContainerProfile to create and delete AC profiles.
- Many new non-throwing methods added to objects.
- Added ReadScatter and WriteGather methods to NtFile.
- Improved formatting of IO Control Codes.
- Added ability to acknowledge oplock breaks.
- Added Wow64 FS redirection support.
- Use proper WIN32 NT status facility for Win32 errors as status codes.
- Added read/write to file from safe buffers.
- Added methods to zero or fill safe buffers using native methods.
- Fix bug with querying BnoIsolationPrefix which never took into account the enable flag correctly.
- Fix from diversenok "Improve detection of restricted tokens (#20)"
- Code cleanups and source code separation.
Updated to v1.1.19
Bug fix release. Don't use v1.1.18.
Updated to v1.1.18.
Added Set-NtObjectInformation and Get-NtObjectInformation functions.
Updated to v1.1.17
Updated to version v1.1.17
Updated to v1.1.16
Updated version to 1.1.16.