
Releases: googleprojectzero/sandbox-attacksurface-analysis-tools

Updated version to v1.1.5

24 Nov 09:50
Fix namespaces for moved utils.

v1.1.4

14 Nov 16:21
Updated to version 1.1.4

v1.1.3

05 Nov 22:59
Updated version to 1.1.3

Release of v1.1.1

30 Aug 12:46

1.1.1

  • Fix to native protected process creation.
  • Added functions to create native NT processes.

Release of v1.1.0

30 Aug 11:05

1.1.0

  • Removed check tools, excluding CheckNetworkAccess.
  • Added basic Job object cmdlets.
  • Added creation of protected processes in Win32Process.
  • Added service access checking cmdlet.
  • Added get executable manifest cmdlet.

Release v1.0.9

19 Aug 13:38

Release Notes:

1.0.9

  • Made New-Win32Process more generic and added support for Win32k filter enable.
  • Added function to capture token from a process using impersonation.
  • Added basic support for Desktop and WindowStation objects using Win32u.dll exports.
  • Added file locking implementation including async.
  • Added hardlink enumeration.
  • Added NTFS stream enumeration.
  • Deprecated most of the old standalone utilities in favour of PS cmdlets.

1.0.8

  • Added cmdlets to create a kernel memory dump, system environment and licensing.
  • Additional system calls implemented.
  • Added access to secure boot policies and code integrity policies.
  • Made Win32 Process creation more generic and added cmdlet.
  • Added access check by type including SELF SID.

Release v1.0.7

14 Jun 22:14

1.0.7

  • Added new cmdlets to do access checking. Many of the old standalone utilities are now deprecated.
  • Added cmdlets to create lowbox tokens.
  • Added list of known capability SIDs and resolve them during name lookup.
  • Added cmdlet to get a SID.
  • Added cmdlet to do a standalone access check.
  • Reworked the APIs to include non-throwing versions of many of the core Open/Create methods.
  • Made NtType more inspectable, includes access enumeration and rationalizes the opening methods.
  • Various additional properties such as extended process flags and checking for LPAC.
  • Rework of access mask handling. Now all low-level APIs use an AccessMask structure which has conversion operators to and from other enumerations.
  • Various other bug fixes.

Support for filtering tokens.

06 Jun 20:04
v1.0.6

Fixed typo

Released v1.0.5

24 May 13:39

1.0.5

  • Added additional known SIDs.
  • Unified the variant Get-NtToken* cmdlets into one.
  • Added additional token cmdlets such as Logon and Clipboard.
  • Added initial support for IO Completion Ports.
  • Added object creation time property.
  • Added support to set a process device map.
  • Added top level CanSynchronize property to NtObject.
  • Bug fixes from Rustam Agametov.
  • Made process list in token viewer a list rather than a tree and made a separate handle tab.

Release v1.0.4

18 May 13:07
Updated to 1.0.4 and added NuGet spec.