v2.0.0

2.0.0.

• Major refactor.

v1.1.34

This is the last v1 release on this branch.

Updated to v1.1.33

1.1.33

• Various bug fixes.
• Added RPC pipe support.

Updated to v1.1.32

Updated to 1.1.32.

Updated to v1.1.31

1.1.31

• Added signing and encryption to SSPI.
• Added Get-LsaContextSignature and Test-LsaContextSignature.
• Added Protect-LsaContextMessage and Unprotect-LsaContextMessage
• Named auth commands to Lsa.
• Added TCP/IP RPC transport and add signing/encryption.
• Added Disconnect-RpcClient.
• Added server information for local RPC connection.
• Added Enable-NtTokenPrivilege and Disable-NtTokenPrivilege.
• Added native ARM/ARM64 support.
• Added Get-Win32ServiceConfig and Set-Win32ServiceConfig.
• Fixed bug in ACL canonicalization.
• Added support for SDK names of enumerations/structures.
• Added Get-NtSDKName.
• Added support for Win32 WriteProcessMemory.
• Added Get-Win32ServiceTrigger and support for triggers in Start-Win32Service.
• Added Set-Win32ServiceSecurityDescriptor.
• Fixed INdrStructure unmarshaling #35

Updated to v1.1.30

1.1.30

• Fixed issue when displaying only a SACL with Format-NtSecurityDescriptor.
• Added basic named pipe support for RPC clients.
• Fixed issue enumerating per-user audit rules.
• Added view accessor for safe buffers.
• Improved debug tracing for RPC clients.
• Improved handling of paths with local files commands.
• Fixed path issue with Set-Win32SecurityDescriptor.
• Added querying trace providers from the WMI security key.

Updated to v1.1.29.

1.1.29

• Added Get-NtProcessUser.
• Added Get-NtProcessEnvironment.
• Added global option for New-NtSymbolicLink.
• Added Split-Win32CommandLine.
• Added send and post methods to NtMessage.
• Added AsObject parameter for Get-NtObjectInformation.
• Added NtMailslotFile and fixed mailslot creation.
• Added Get-NtKeySymbolicLinkTarget.
• Added support for a FollowLink switch which will allow accessible cmdlets to follow symbolic links. Feature request #29.
• Separated forms code from the main assembly.
• Added setting service security and Get/Set-Win32ServiceSecurityDescriptor.
• Added Win32 debug console class and Start/New/Read-Win32DebugConsole.
• Added Test-NtTokenCapability.
• Added New-Win32Service and Remove-Win32Service.
• Reimplemented SidName to allow access to the Domain component.
• Added section characteristics check when parsing RPC servers. Fix for issue #27.
• Added an SDKName attribute to access rights.
• Added Add-NtAccountRight and Remove-NtAccountRight.
• Added basic VBS enclave support.
• Added support to parse ELAM information from a binary.
• Added Get-NtSigningLevel and Get-X509Certificate.
• Added Compare-NtSigningLevel.
• Added silo impersonation commands.
• Added option to impersonation System when creating a token or with Invoke-NtToken.
• Added proper enumeration of AppContainer profiles and support creating with capabilities.
• Added Get-AppModelApplicationPolicy.
• Added Get-NtThreadContext and Set-NtThreadContext.
• Added support for calling CreateProcessWithLogon via Win32Process.
• Added Start-AppModelApplication.
• Added Add-NtThreadApc.
• Fixed path handling in Get-Win32SecurityDescriptor.
• Added Get-NtFileFinalPath command.
• Reworked handling of lease oplocks.
• Added basic USN journal support.
• Added Get-NtFileStream.
• Added Get-NtMountPoint command.
• Added basic async support and the Wait-AsyncTaskResult command.
• Added Send-NtFileControl command.
• Added Get-NtFileVolumeInformation and Set-NtFileVolumeInformation.
• Added Get-NtFileItem command.
• Added support for querying device nodes, setup class and interface classes.
• Added Get-NtFileSharingProcess.
• IPeb: Added GetBeingDebugged() (#26)
• Added support for enumerating filter drivers and connecting to ports.
• Added New-NtKeySymbolicLink and Set-NtKeySymbolicLinkTarget.
• Added a Get-NtKeyHive command.

Updated to v1.1.28

1.1.28

• Added Import-Win32Module and Get-Win32Module.
• Added support for Registry Keys in the NtObjectManager provider.
• Added Get-NtDirectoryEntry.
• Added Win32 CreateRemoteThread.
• Added addition Registry Key functions.
• Added Network Authentication commands.
• Added Authentication Token formatting commands.
• Added new filtering features to TokenViewer.
• Improved cmdlets for getting and setting object information classes.
• Added Add-NtSection and Remove-NtSection.
• Added Compare-NtObject.
• Added Test-NtTokenPrivilege.
• Added type parsing from PDBs via SymbolResolver.
• Added a summary format to Format-NtSecurityDescriptor.
• Added Out-HexDump.
• Added C# compiler support for .NET Core Support of Get-RpcClient.
• Updated New-NtSecurityDescriptor and Edit-NtSecurityDescriptor.
• Basic C++ NDR formatting from irsl@.
• Added Format-NtJob.
• Added New-NtSecurityAttribute and Get-NtAceConditionData.
• Added Device/User Claims to Token Viewer and Format-NtToken.
• Added many different commands to manipulate Security Descriptors.
• Added Win32 Security Descriptor commands.
• Added filtering for accessible path commands.
• Added Audit support.
• Added basic AuthZ API support.
• Added basic ASN.1 DER parsing and Format-ASN1DER command.
• Added Kerberos Keytab file reading and writing.

Updated to v1.1.27

1.1.27

• Added support for directory change notifications.
• Added New-NtDesktop, Get-NtDesktop and Get-NtDesktopName.
• Added New-NtWindowStation, Get-NtWindowStation and Get-NtWindowStationName.
• Changed Win32 error codes to an enumeration.
• Added Load/Unload driver.
• Added properties to NtType to show access masks.
• Added basic SendInput method.
• Added token source tab to Token Viewer.
• Updated for the Job object and New-NtJob.
• Added NtWindow class a HWND enumeration.
• Added Get-AccessibleWindowStation command.
• Added some well known WNF names.
• Added option to Get-AccessibleService to check file permissions.
• Added Set-NtProcessJob command.
• Added Get-AccessibleToken command.
• Added support for compound ACEs.
• Added Get/Sid-NtTokenSid and Get/Set-NtTokenGroup.
• Added Get-AccessibleEventTrace command.
• Added Get-AccessibleWnf command.

Updated to v1.1.26

1.1.26

• Add DeviceGuid to Get/New-NtFile
• Fixed bug in ETA registrations and added GUID enumeration.
• Added SetExceptionPort to NtProcess.
• Added child process mitigation improvements.
• Added extended Fork.
• Updated native process creation support.
• Various new non-throwing methods.
• Updated to C# 7.3.
• Added list of access rights to NtType.
• Added default mandatory policy to NtType.
• Added SetDisposition methods to NtFile.
• Added console and GUI support for Object ACEs.
• Updated access checking to support Object Types.
• Access check returns a structure rather than just an access mask.
• CPP style NDR formatting (#21)
• Added Get-NtTokenPrivilege command.
• Added Get-NtLocallyUniqueId command.