http://www.open-source-security-software.net/project/sandbox-attacksurface-analysis-tools/releases.atom
Recent releases for sandbox-attacksurface-analysis-tools
2025-04-26T05:31:20.036833+00:00
python-feedgen

sandbox-attacksurface-analysis-tools v1.0.3
2017-03-24T20:18:28+00:00

sandbox-attacksurface-analysis-tools v1.0.4
2017-05-18T13:07:57+00:00

sandbox-attacksurface-analysis-tools v1.0.5
2017-05-24T13:39:49+00:00

1.0.5
-----
* Added additional Known SIDs
* Unified the variant Get-NtToken* cmdlets into one.
* Added additional token cmdlets such as Logon and Clipboard.
* Added initial support for IO Completion Ports
* Added object creation time property
* Added support to set a process device map
* Added top level CanSynchronize property to NtObject
* Bug fixes from Rustam Agametov
* Made process list in token viewer a list rather than a tree and made a separate handle tab.

sandbox-attacksurface-analysis-tools v1.0.6
2017-06-06T20:04:20+00:00

sandbox-attacksurface-analysis-tools v1.0.7
2017-06-14T22:14:18+00:00

1.0.7
-----
* Added new cmdlets to do access checking. Many of the old standalone utilities are now deprecated.
* Added cmdlets to create lowbox tokens
* Added list of known capability SIDs and resolve them during name lookup
* Added cmdlet to get a SID
* Added cmdlet to do a standalone access checking
* Reworked the APIs to include non-throwing versions of many of the core Open/Create methods.
* Made NtType more inspectable, includes access enumeration and rationalizes the opening methods.
* Various additional properties such as extended process flags, checking for LPAC
* Rework of access mask handling.
Now all low-level APIs use an AccessMask structure which has conversion operators to and from other enumerations.
* Various other bug fixes.

sandbox-attacksurface-analysis-tools v1.0.9
2017-08-19T13:38:50+00:00

Release Notes:

1.0.9
-----
* Made New-Win32Process more generic and added support for Win32k filter enable.
* Added function to capture token from a process using impersonation.
* Added basic support for Desktop and WindowStation objects using Win32u.dll exports.
* Added file locking implementation including async.
* Added hardlink enumeration.
* Added NTFS stream enumeration.
* Deprecated most of the old standalone utilities in favour of PS cmdlets.

1.0.8
-----
* Added cmdlets to create a kernel memory dump, system environment and licensing.
* Additional system calls implemented.
* Added access to secure boot policies and code integrity policies.
* Made Win32 Process creation more generic and added cmdlet.
* Added access check by type including SELF SID.

sandbox-attacksurface-analysis-tools v1.1.0
2017-08-30T11:05:15+00:00

1.1.0
-----
* Removed check tools, excluding CheckNetworkAccess.
* Added basic Job object cmdlets.
* Added creation of protected processes in Win32Process.
* Added service access checking cmdlet.
* Added get executable manifest cmdlet.

sandbox-attacksurface-analysis-tools v1.1.1
2017-08-30T12:46:30+00:00

1.1.1
-----
* Fix to native protected process creation.
* Added functions to create native NT processes.

sandbox-attacksurface-analysis-tools v1.1.3
2017-11-05T22:59:10+00:00

sandbox-attacksurface-analysis-tools v1.1.4
2017-11-14T16:21:14+00:00

sandbox-attacksurface-analysis-tools v1.1.5
2017-11-24T09:50:56+00:00

sandbox-attacksurface-analysis-tools v1.1.6
2017-12-03T22:06:30+00:00

sandbox-attacksurface-analysis-tools v1.1.7
2018-01-11T14:26:01+00:00

sandbox-attacksurface-analysis-tools v1.1.8
2018-02-06T18:05:55+00:00

sandbox-attacksurface-analysis-tools v1.1.9
2018-02-22T12:36:47+00:00

sandbox-attacksurface-analysis-tools v1.1.10
2018-03-01T12:09:01+00:00

1.1.10
------
* Added support for extended handle information to allow for PIDs > 64k.
* Added basic New-NtToken cmdlet and system call.
* Added Resolve-NtObjectAddress cmdlet to resolve the addresses of a list of objects.
* Added generic object ReOpen method.
* Added visitor method to object directories to enumerate recursively with a callback.
* Added display of process trust labels.

sandbox-attacksurface-analysis-tools v1.1.11
2018-03-04T19:42:24+00:00

sandbox-attacksurface-analysis-tools v1.1.12
2018-03-19T01:43:32+00:00

sandbox-attacksurface-analysis-tools v1.1.13
2018-04-04T12:18:58+00:00

sandbox-attacksurface-analysis-tools v1.1.14
2018-05-01T22:06:56+00:00

sandbox-attacksurface-analysis-tools v1.1.15
2018-06-19T09:41:13+00:00

sandbox-attacksurface-analysis-tools v1.1.16
2018-08-01T19:47:41+00:00

sandbox-attacksurface-analysis-tools v1.1.17
2018-09-09T17:28:17+00:00

sandbox-attacksurface-analysis-tools v1.1.18
2019-02-04T10:59:39+00:00

sandbox-attacksurface-analysis-tools v1.1.19
2019-02-04T23:09:09+00:00

Bug fix release. Don't use v1.1.18.

sandbox-attacksurface-analysis-tools v1.1.20
2019-03-09T23:58:17+00:00

* Added basic ALPC support including cmdlets.
* Added better debug support including cmdlets.
* Display container access rights in SD GUI and also extract SACL if available.
* Added Set/Get-NtProcessMitigation policy to get specific policies.
* Exposed process mitigation policies using flag enums.
* Added Win32.AppContainerProfile to create and delete AC profiles.
* Many new non-throwing methods added to objects.
* Added ReadScatter and WriteGather methods to NtFile.
* Improved formatting of IO Control Codes.
* Added ability to acknowledge oplock breaks.
* Added Wow64 FS redirection support.
* Use proper WIN32 NT status facility for Win32 errors as status codes.
* Added read/write to file from safe buffers.
* Added methods to zero or fill safe buffers using native methods.
* Fix bug with querying BnoIsolationPrefix which never took into account the enable flag correctly.
* Fix from diversenok "Improve detection of restricted tokens (#20)"
* Code cleanups and source code separation.

sandbox-attacksurface-analysis-tools v1.1.21
2019-04-23T22:11:28+00:00

1.1.21
--------
* Various updates to the NDR parser, including new types and support for correlation expressions.
* Added complete transaction cmdlets.
* Added extended process creation flags for Win32Process.
* Added Format-NtSecurityDescriptor to display on the console
* Added Copy-NtObject cmdlet.
* Added basic RPC ALPC client support.
* Added option to specify a debug object for a Win32 process.
* Added processor system information.

sandbox-attacksurface-analysis-tools v1.1.22
2019-04-30T22:17:22+00:00

1.1.22
--------
* Removed old standalone utilities, everything should be accessible from PowerShell.
* Added Test-NetworkAccess cmdlet to replace CheckNetworkAccess utility.
* Added Set-NtFileHardlink cmdlet.
* Various fixes for RPC client code.

sandbox-attacksurface-analysis-tools v1.1.23
2019-10-18T14:14:49+00:00

1.1.23
--------
* Added basic ETW APIs.
* Added new thread properties.
* Added Close-NtObject function.
* Added Get-AccessibleScheduledTask cmdlet.
* Added typing for New-ExecutionAlias and renamed to Set-ExecutionAlias.
* Added Compare-RpcServer.
* Fixed handling of FQBN token security attributes.
* Added option to Format-RpcClient to output to a directory.
* Added Select-RpcServer cmdlet.
* Added RPC ALPC port brute force.

sandbox-attacksurface-analysis-tools v1.1.24
2019-12-10T03:23:25+00:00

1.1.24
--------
* Added Add-NtTokenSecurityAttribute and Remove-NtTokenSecurityAttribute cmdlets.
* Added additional properties for running services.
* Added support for drivers to Get-RunningService and Get-AccessibleService.
* Added fake service NtType objects for services and SCM to allow formatting and the UI.
* Added NtType property to security descriptors.
* Added option to Show-NtToken to elevate to admin.
* Added Suspend, Resume and Stop process commands.
* Added Get-NtEaBuffer and Set-NtEaBuffer commands.
* Added open to Get-NtDebug to get from a process.

sandbox-attacksurface-analysis-tools v1.1.25
2020-01-02T01:59:01+00:00

1.1.25
--------
* Added new options to Get-NtSecurityDescriptor.
* Updated accessible resource checking.
* Added Remove-NtTokenPrivilege.
* Added Session option to Get-NtToken.
* Added command line option to Show-NtToken.
* Added information classes for symbolic links.

sandbox-attacksurface-analysis-tools v1.1.26
2020-01-21T22:02:44+00:00

1.1.26
--------
* Add DeviceGuid to Get/New-NtFile
* Fixed bug in ETA registrations and added GUID enumeration.
* Added SetExceptionPort to NtProcess.
* Added child process mitigation improvements.
* Added extended Fork.
* Updated native process creation support.
* Various new non-throwing methods.
* Updated to C# 7.3.
* Added list of access rights to NtType.
* Added default mandatory policy to NtType.
* Added SetDisposition methods to NtFile.
* Added console and GUI support for Object ACEs.
* Updated access checking to support Object Types.
* Access check returns a structure rather than just an access mask.
* CPP style NDR formatting (#21)
* Added Get-NtTokenPrivilege command.
* Added Get-NtLocallyUniqueId command.

sandbox-attacksurface-analysis-tools v1.1.27
2020-02-10T06:17:39+00:00

1.1.27
--------
* Added support for directory change notifications.
* Added New-NtDesktop, Get-NtDesktop and Get-NtDesktopName.
* Added New-NtWindowStation, Get-NtWindowStation and Get-NtWindowStationName.
* Changed Win32 error codes to an enumeration.
* Added Load/Unload driver.
* Added properties to NtType to show access masks.
* Added basic SendInput method.
* Added token source tab to Token Viewer.
* Updated for the Job object and New-NtJob.
* Added NtWindow class and HWND enumeration.
* Added Get-AccessibleWindowStation command.
* Added some well known WNF names.
* Added option to Get-AccessibleService to check file permissions.
* Added Set-NtProcessJob command.
* Added Get-AccessibleToken command.
* Added support for compound ACEs.
* Added Get/Set-NtTokenSid and Get/Set-NtTokenGroup.
* Added Get-AccessibleEventTrace command.
* Added Get-AccessibleWnf command.

sandbox-attacksurface-analysis-tools v1.1.28
2020-06-30T21:08:46+00:00

1.1.28
--------
* Added Import-Win32Module and Get-Win32Module.
* Added support for Registry Keys in the NtObjectManager provider.
* Added Get-NtDirectoryEntry.
* Added Win32 CreateRemoteThread.
* Added additional Registry Key functions.
* Added Network Authentication commands.
* Added Authentication Token formatting commands.
* Added new filtering features to TokenViewer.
* Improved cmdlets for getting and setting object information classes.
* Added Add-NtSection and Remove-NtSection.
* Added Compare-NtObject.
* Added Test-NtTokenPrivilege.
* Added type parsing from PDBs via SymbolResolver.
* Added a summary format to Format-NtSecurityDescriptor.
* Added Out-HexDump.
* Added C# compiler support for .NET Core Support of Get-RpcClient.
* Updated New-NtSecurityDescriptor and Edit-NtSecurityDescriptor.
* Basic C++ NDR formatting from irsl@.
* Added Format-NtJob.
* Added New-NtSecurityAttribute and Get-NtAceConditionData.
* Added Device/User Claims to Token Viewer and Format-NtToken.
* Added many different commands to manipulate Security Descriptors.
* Added Win32 Security Descriptor commands.
* Added filtering for accessible path commands.
* Added Audit support.
* Added basic AuthZ API support.
* Added basic ASN.1 DER parsing and Format-ASN1DER command.
* Added Kerberos Keytab file reading and writing.

sandbox-attacksurface-analysis-tools v1.1.29
2020-11-23T06:09:41+00:00

1.1.29
--------
* Added Get-NtProcessUser.
* Added Get-NtProcessEnvironment.
* Added global option for New-NtSymbolicLink.
* Added Split-Win32CommandLine.
* Added send and post methods to NtMessage.
* Added AsObject parameter for Get-NtObjectInformation.
* Added NtMailslotFile and fixed mailslot creation.
* Added Get-NtKeySymbolicLinkTarget.
* Added support for a FollowLink switch which will allow accessible cmdlets to follow symbolic links. Feature request #29.
* Separated forms code from the main assembly.
* Added setting service security and Get/Set-Win32ServiceSecurityDescriptor.
* Added Win32 debug console class and Start/New/Read-Win32DebugConsole.
* Added Test-NtTokenCapability.
* Added New-Win32Service and Remove-Win32Service.
* Reimplemented SidName to allow access to the Domain component.
* Added section characteristics check when parsing RPC servers. Fix for issue #27.
* Added an SDKName attribute to access rights.
* Added Add-NtAccountRight and Remove-NtAccountRight.
* Added basic VBS enclave support.
* Added support to parse ELAM information from a binary.
* Added Get-NtSigningLevel and Get-X509Certificate.
* Added Compare-NtSigningLevel.
* Added silo impersonation commands.
* Added option to impersonate System when creating a token or with Invoke-NtToken.
* Added proper enumeration of AppContainer profiles and support creating with capabilities.
* Added Get-AppModelApplicationPolicy.
* Added Get-NtThreadContext and Set-NtThreadContext.
* Added support for calling CreateProcessWithLogon via Win32Process.
* Added Start-AppModelApplication.
* Added Add-NtThreadApc.
* Fixed path handling in Get-Win32SecurityDescriptor.
* Added Get-NtFileFinalPath command.
* Reworked handling of lease oplocks.
* Added basic USN journal support.
* Added Get-NtFileStream.
* Added Get-NtMountPoint command.
* Added basic async support and the Wait-AsyncTaskResult command.
* Added Send-NtFileControl command.
* Added Get-NtFileVolumeInformation and Set-NtFileVolumeInformation.
* Added Get-NtFileItem command.
* Added support for querying device nodes, setup class and interface classes.
* Added Get-NtFileSharingProcess.
* IPeb: Added GetBeingDebugged() (#26)
* Added support for enumerating filter drivers and connecting to ports.
* Added New-NtKeySymbolicLink and Set-NtKeySymbolicLinkTarget.
* Added a Get-NtKeyHive command.

sandbox-attacksurface-analysis-tools v1.1.30
2021-01-15T16:19:49+00:00

1.1.30
--------
* Fixed issue when displaying only a SACL with Format-NtSecurityDescriptor.
* Added basic named pipe support for RPC clients.
* Fixed issue enumerating per-user audit rules.
* Added view accessor for safe buffers.
* Improved debug tracing for RPC clients.
* Improved handling of paths with local files commands.
* Fixed path issue with Set-Win32SecurityDescriptor.
* Added querying trace providers from the WMI security key.

sandbox-attacksurface-analysis-tools v1.1.31
2021-03-16T05:26:01+00:00

1.1.31
--------
* Added signing and encryption to SSPI.
* Added Get-LsaContextSignature and Test-LsaContextSignature.
* Added Protect-LsaContextMessage and Unprotect-LsaContextMessage
* Named auth commands to Lsa.
* Added TCP/IP RPC transport and add signing/encryption.
* Added Disconnect-RpcClient.
* Added server information for local RPC connection.
* Added Enable-NtTokenPrivilege and Disable-NtTokenPrivilege.
* Added native ARM/ARM64 support.
* Added Get-Win32ServiceConfig and Set-Win32ServiceConfig.
* Fixed bug in ACL canonicalization.
* Added support for SDK names of enumerations/structures.
* Added Get-NtSDKName.
* Added support for Win32 WriteProcessMemory.
* Added Get-Win32ServiceTrigger and support for triggers in Start-Win32Service.
* Added Set-Win32ServiceSecurityDescriptor.
* Fixed INdrStructure unmarshaling #35

sandbox-attacksurface-analysis-tools v1.1.32
2021-08-18T04:00:09+00:00

sandbox-attacksurface-analysis-tools v.1.1.33
2022-01-22T23:42:01+00:00

1.1.33
--------
* Various bug fixes.
* Added RPC pipe support.