ZNtObjectManager
1.1.34
This module adds a provider and cmdlets to access the NT object manager namespace.
Minimum PowerShell version
3.0
Package Details
Author(s)
- James Forshaw
Tags
security defence offence sandbox
Cmdlets
Add-NtKeyHive Get-NtDirectory Get-NtEvent Get-NtFile Get-NtFileReparsePoint Get-NtHandle Get-NtKey Get-NtMutant Get-NtNamedPipeFile Get-NtObject Get-NtProcess Get-NtSemaphore Get-NtStatus Get-NtSymbolicLink Get-NtSymbolicLinkTarget Get-NtThread Get-NtToken Get-NtType New-NtDirectory New-NtEvent New-NtFile New-NtKey New-NtMailslotFile New-NtMutant New-NtNamedPipeFile New-NtSecurityDescriptor New-NtSemaphore New-NtSymbolicLink Remove-NtFileReparsePoint Start-NtWait Use-NtObject Get-NtSid Get-NtSection New-NtSection Get-AccessibleAlpcPort Get-AccessibleKey Get-AccessibleProcess Get-AccessibleFile Get-AccessibleObject Get-NtAccessMask Get-AccessibleDevice Get-AccessibleNamedPipe Get-NtGrantedAccess Get-NtJob New-NtJob Get-AccessibleService Get-AccessibleHandle Remove-NtKeyHive New-NtToken Remove-NtFile Get-NtDirectoryChild Get-NtKeyChild Add-DosDevice Remove-DosDevice Get-NtFileChild Set-NtFileReparsePoint Get-NtPartition New-NtPartition Get-NtWaitTimeout New-NtTransaction Get-NtTransaction New-NtTransactionManager Get-NtTransactionManager Connect-NtAlpcClient New-NtAlpcServer New-NtAlpcPortAttributes New-NtAlpcMessage Send-NtAlpcMessage Receive-NtAlpcMessage Connect-NtAlpcServer New-NtAlpcReceiveAttributes New-NtAlpcSendAttributes New-NtAlpcPortSection New-NtAlpcDataView New-NtAlpcSecurityContext New-NtDebug Get-NtDebug Start-NtDebugWait Add-NtDebugProcess Remove-NtDebugProcess Copy-NtObject New-NtResourceManager Get-NtResourceManager Get-NtTransactionGuid Get-NtEnlistment New-NtEnlistment Get-RpcServerName Set-RpcServerName New-NtFileHardlink Test-NetworkAccess Get-AccessibleScheduledTask Compare-RpcServer Select-RpcServer Add-NtTokenSecurityAttribute Remove-NtTokenSecurityAttribute Get-AccessibleEventTrace Test-NtTokenImpersonation Get-AccessibleToken Set-NtProcessJob Get-AccessibleWnf Get-AccessibleWindowStation Get-NtProcessJob Get-NtWindowStation Get-NtDesktop New-NtWindowStation New-NtDesktop Get-Win32Error Set-NtKeyValue Remove-NtKey Get-NtObjectInformation 
Set-NtObjectInformation Test-NtTokenPrivilege Format-NtJob Add-NtSecurityDescriptorAce New-NtSecurityAttribute Remove-NtSecurityDescriptorAce Invoke-NtToken Set-Win32SecurityDescriptor Reset-Win32SecurityDescriptor Search-Win32SecurityDescriptor Get-Win32SecurityDescriptor Compare-NtSid Test-NtAceCondition Test-NtTokenGroup Test-NtAccessMask Grant-NtAccessMask Revoke-NtAccessMask Select-NtSecurityDescriptorAce Write-NtAudit New-AuthZResourceManager New-AuthZContext Get-AuthZGrantedAccess Add-AuthZSid Remove-AuthZSid Set-NtToken Get-NtTokenDefaultDacl Set-NtTokenDefaultDacl Get-NtKeySymbolicLinkTarget New-NtKeySymbolicLink Rename-NtFile Get-NtFileVolumeInformation Set-NtFileVolumeInformation Send-NtFileControl Get-NtFileAttribute Set-NtFileAttribute Get-NtFileShareProcess Get-NtFileCompression Set-NtFileCompression Get-NtFileLink Get-NtFileStream Get-NtFileObjectId Get-NtFileId Set-NtFileObjectId Remove-NtFileObjectId Get-NtFileFinalPath Add-NtThreadApc New-NtThread New-NtEnclave Get-RandomByte Get-RunningScheduledTask Set-Win32ServiceConfig ConvertTo-NtSecurityDescriptor Compare-NtSecurityDescriptor Clear-AuthZSid Get-AccessibleDsObject Get-Win32GrantedAccess Get-AccessibleFwObject New-KerberosKdcProxy
Functions
Get-AccessibleAlpcPort Set-NtTokenPrivilege Set-NtTokenIntegrityLevel Get-NtProcessMitigations New-NtKernelCrashDump New-NtObjectAttributes New-NtSecurityQualityOfService Get-NtLicenseValue Get-NtSystemEnvironmentValue New-Win32Process New-NtEaBuffer New-NtSectionImage New-Win32ProcessConfig Get-NtTokenFromProcess Get-ExecutableManifest New-NtProcess New-NtProcessConfig Get-NtFilePath Show-NtTokenEffective Show-NtSecurityDescriptor Get-NtIoControlCode Import-NtObject Export-NtObject Get-ExecutionAlias Set-ExecutionAlias Show-NtToken Show-NtSection Resolve-NtObjectAddress Get-NtSecurityDescriptor Get-NtSecurityDescriptorIntegrityLevel Set-NtSecurityDescriptor Add-NtVirtualMemory Get-NtVirtualMemory Remove-NtVirtualMemory Set-NtVirtualMemory Read-NtVirtualMemory Write-NtVirtualMemory Get-EmbeddedAuthenticodeSignature Get-NtSidName New-SymbolResolver New-NdrParser Format-NdrComplexType Format-NdrProcedure Format-NdrComProxy Get-NdrComProxy Get-NdrRpcServerInterface Format-NdrRpcServerInterface Get-NtWnf Get-NtCachedSigningLevel Add-NtSecurityDescriptorDaclAce Get-NtFilePathType New-NtType Get-NtAlpcServer Get-RpcEndpoint Get-RpcServer Set-GlobalSymbolResolver Get-RunningService Copy-NtToken Get-RpcAlpcServer Get-NtObjectFromHandle Start-Win32ChildProcess Get-NtKeyValue Start-NtFileOplock Format-RpcServer Get-NtProcessMitigationPolicy Set-NtProcessMitigationPolicy Format-NtSecurityDescriptor Get-AppContainerProfile New-AppContainerProfile Get-RpcClient Format-RpcClient Set-RpcServer Connect-RpcClient New-RpcContextHandle Format-RpcComplexType Get-Win32File Close-NtObject Start-AccessibleScheduledTask Get-NtFileEa Set-NtFileEa Suspend-NtProcess Resume-NtProcess Stop-NtProcess Suspend-NtThread Resume-NtThread Stop-NtThread Format-NtToken Remove-NtTokenPrivilege Get-NtTokenPrivilege Get-NtLocallyUniqueId Get-NtTokenGroup Get-NtTokenSid Set-NtTokenSid Set-NtTokenGroup Get-NtDesktopName Get-NtWindowStationName Get-NtWindow Format-HexDump Get-NtTypeAccess Get-NtAtom 
Add-NtAtom Remove-NtAtom Import-Win32Module Get-Win32Module Get-Win32ModuleExport Get-Win32ModuleImport Get-NtDirectoryEntry Remove-NtKeyValue Read-LsaCredential Get-LsaPackage New-LsaCredentialHandle New-LsaServerContext New-LsaClientContext Update-LsaServerContext Update-LsaClientContext Get-LsaAccessToken Get-NtKernelModule Get-NtObjectInformationClass Add-NtSection Remove-NtSection Compare-NtObject Edit-NtSecurityDescriptor Set-NtSecurityDescriptorOwner Set-NtSecurityDescriptorGroup Set-NtSecurityDescriptorIntegrityLevel ConvertFrom-NtAceCondition ConvertFrom-NtSecurityDescriptor Remove-NtSecurityDescriptorOwner Remove-NtSecurityDescriptorGroup New-NtUserGroup New-NtAcl Set-NtSecurityDescriptorDacl Set-NtSecurityDescriptorSacl Copy-NtSecurityDescriptor Test-NtSecurityDescriptor Get-NtSecurityDescriptorOwner Get-NtSecurityDescriptorGroup Get-NtSecurityDescriptorDacl Get-NtSecurityDescriptorSacl Set-NtSecurityDescriptorControl Get-NtSecurityDescriptorControl Remove-NtSecurityDescriptorDacl Remove-NtSecurityDescriptorSacl Remove-NtSecurityDescriptorIntegrityLevel Add-NtSecurityDescriptorControl Remove-NtSecurityDescriptorControl Format-Win32SecurityDescriptor New-ObjectTypeTree Add-ObjectTypeTree ConvertTo-NtAceCondition Get-NtTokenMandatoryPolicy Clear-NtSecurityDescriptorDacl Clear-NtSecurityDescriptorSacl Get-CentralAccessPolicy Remove-ObjectTypeTree Set-ObjectTypeTreeAccess Revoke-ObjectTypeTreeAccess Select-ObjectTypeTree Test-NtObject Get-NtTokenIntegrityLevel Get-NtAuditPolicy Set-NtAuditPolicy Get-NtAuditSecurity Set-NtAuditSecurity Format-LsaAuthToken Get-LsaAuthToken Test-LsaContext Get-NtLogonSession Get-NtAccountRight Get-NtAccountRightSid Get-NtConsoleSession Get-ServicePrincipalName Get-NtTokenId Get-LsaCredential Export-LsaAuthToken Import-LsaAuthToken Get-MD4Hash Format-ASN1DER Import-KerberosKeyTab Export-KerberosKeyTab New-KerberosKey Get-KerberosKey Unprotect-LsaAuthToken Get-KerberosTicket Get-NdrComplexType Get-NtProcessUser 
Get-NtProcessEnvironment Split-Win32CommandLine Send-NtWindowMessage Get-NtKeyHive Backup-NtKey Restore-NtKey Enable-NtTokenVirtualization Disable-NtTokenVirtualization Read-NtFile Write-NtFile Get-FilterConnectionPort Get-FilterDriver Get-FilterDriverInstance Get-FilterDriverVolume Get-FilterDriverVolumeInstance Add-NtEaBuffer Remove-NtFileEa Get-NtDeviceSetupClass Get-NtDeviceNode Get-NtDeviceInterfaceClass Get-NtDeviceProperty Get-NtDeviceNodeChild Get-NtDeviceInterfaceInstance Get-NtDeviceNodeParent Get-NtDeviceNodeStack Get-NtFileItem Get-NtFileChange Lock-NtFile Unlock-NtFile Get-NtFileDisposition Set-NtFileDisposition Wait-AsyncTaskResult Get-NtFile8dot3Name Send-FilterConnectionPort Test-NtFileDriverPath Get-NtMountPoint New-NtFileReparseBuffer Get-NtFileQuota Set-NtFileQuota Read-NtFileUsnJournal Confirm-NtFileOplock Start-AppModelApplication Get-NtThreadContext Set-NtThreadContext Remove-AppContainerProfile Get-AppModelApplicationPolicy Test-NtProcessJob Get-AppxDesktopBridge Stop-NtJob Get-NtThreadWorkOnBehalfTicket Set-NtThreadWorkOnBehalfTicket Get-NtThreadContainerId Set-NtThreadContainer Clear-NtThreadWorkOnBehalfTicket Compare-NtSigningLevel Get-NtSystemInformation Get-NtSigningLevel Get-X509Certificate Set-NtCachedSigningLevel Invoke-NtEnclave Add-NtAccountRight Remove-NtAccountRight Start-Win32DebugConsole Get-Win32Service Test-NtProcess Get-NtApiSet Clear-NtSidName Add-NtSidName Remove-NtSidName New-Win32Service Remove-Win32Service Test-NtTokenCapability New-Win32DebugConsole Read-Win32DebugConsole Get-Win32ServiceSecurityDescriptor Disconnect-RpcClient Enable-NtTokenPrivilege Disable-NtTokenPrivilege Get-Win32ModuleSymbolFile Get-RpcStringBinding Start-Win32Service Get-Win32ServiceConfig Get-LsaContextSignature Test-LsaContextSignature Protect-LsaContextMessage Unprotect-LsaContextMessage New-LsaSecurityBuffer Get-LsaSchannelCredential Get-LsaCredSSPCredential ConvertFrom-LsaSecurityBuffer ConvertFrom-NtSid Get-AppModelLoopbackException 
Add-AppModelLoopbackException Remove-AppModelLoopbackException Get-NtSDKName Wait-Win32Service Send-Win32Service Get-Win32ServiceTrigger Set-Win32ServiceSecurityDescriptor Restart-Win32Service Test-Win32Service Format-KerberosTicket ConvertFrom-HexDump Get-Win32ModuleResource Get-LsaPolicy Connect-SamServer Get-SamDomain Get-SamUser Get-SamAlias Get-SamGroup Get-LsaPrivateData Set-LsaPrivateData Get-LsaAccount Get-LsaTrustedDomain Get-LsaSecret Get-SamAliasMember Get-SamGroupMember Get-DsExtendedRight Get-DsSchemaClass Get-LsaName Get-LsaSid Protect-RC4 Get-DsObjectSid Get-DsObjectSchemaClass ConvertTo-ObjectTypeTree Get-DsSchemaAttribute Get-DsHeuristics New-SamUser Get-DsSDRightsEffective Search-DsObjectSid Get-Win32Credential Backup-Win32Credential Select-BinaryString Get-FwEngine Get-FwLayer Get-FwFilter Get-FwSubLayer Remove-FwFilter Format-FwFilter New-FwConditionBuilder Add-FwFilter Get-FwGuid New-FwFilterTemplate Get-FwAleEndpoint Get-FwToken Get-SocketSecurity Set-SocketSecurity Set-SocketPeerTargetName Get-IkeSecurityAssociation Get-FwSession Reset-NtTokenGroup Enable-NtTokenGroup Disable-NtTokenGroup Get-FwNetEvent Read-FwNetEvent New-FwNetEventListener Start-FwNetEventListener Get-IPsecSaContext Get-FwEngineOption Set-FwEngineOption New-FwNetEventTemplate Add-FwCondition Get-FwCallout Add-RpcClientSecurityContext Set-RpcClientSecurityContext Get-RpcClientSecurityContext Get-RpcSecurityPrincipalName Get-FwProvider Update-Win32Environment New-KerberosChecksum New-KerberosPrincipalName New-KerberosAuthenticator New-KerberosApRequest New-KerberosTicket Add-KerberosTicket Remove-KerberosTicket New-KerberosTicketCache Remove-Win32Credential Set-Win32Credential Protect-Win32Credential Unprotect-Win32Credential Rename-KerberosTicket New-KerberosError Add-KerberosKdcPin Clear-KerberosKdcPin Test-NtSid New-KerberosTgsRequest Send-KerberosKdcRequest New-KerberosAsRequest New-KerberosKdcServer New-KerberosKdcServerUser New-KerberosAuthorizationData 
Resolve-KerberosKdcAddress Get-ASN1DER New-ASN1DER New-KerberosKeyTab Export-KerberosTicketCache Import-KerberosTicketCache Export-KerberosTicket Import-KerberosTicket
Dependencies
This module has no dependencies.
Release Notes
1.1.33
--------
* Various bug fixes.
* Added RPC pipe support.
FileList
- ZNtObjectManager.nuspec
- AppModelFunctions.ps1
- Formatters.ps1xml
- NtApiDotNet.Forms.dll
- NtKeyFunctions.ps1
- NtProcessFunctions.ps1
- NtVirtualMemoryFunctions.ps1
- UtilityFunctions.ps1
- Win32ServiceFunctions.ps1
- Be.Windows.Forms.HexBox.dll
- KerberosFunctions.ps1
- NtApiDotNet.Forms.pdb
- NtObjectFunctions.ps1
- NtSectionFunctions.ps1
- NtWindowFunctions.ps1
- WeifenLuo.WinFormsUI.Docking.dll
- Be.Windows.Forms.HexBox.pdb
- LsaFunctions.ps1
- NtApiDotNet.pdb
- NtObjectManager.dll
- NtSecurityFunctions.ps1
- RpcFunctions.ps1
- Win32DebugFunctions.ps1
- ZNtObjectManager.psd1
- Be.Windows.Forms.HexBox.xml
- MiscFunctions.ps1
- NtApiDotNet.xml
- NtObjectManager.dll-Help.xml
- NtSystemInfoFunctions.ps1
- SamFunctions.ps1
- Win32ModuleFunctions.ps1
- ZNtObjectManager.psm1
- DsFunctions.ps1
- NDesk.Options.dll
- NtDeviceFunctions.ps1
- NtObjectManager.pdb
- NtThreadFunctions.ps1
- SocketFunctions.ps1
- Win32ProcessFunctions.ps1
- en-US\about_ManagingNtObjectLifetime.help.txt
- FirewallFunctions.ps1
- NtApiDotNet.dll
- NtFileFunctions.ps1
- NtObjectManager.XML
- NtTokenFunctions.ps1
- TypeExtensions.ps1xml
- Win32SecurityFunctions.ps1
- en-US\about_NtObjectManagerProvider.help.txt
Version History
Version | Downloads | Last updated |
---|---|---|
1.1.34 (current version) | 178 | 1/26/2023 |