{"id":13515606,"url":"https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools","last_synced_at":"2025-05-14T04:01:08.654Z","repository":{"id":37778735,"uuid":"44787564","full_name":"googleprojectzero/sandbox-attacksurface-analysis-tools","owner":"googleprojectzero","description":"Set of tools to analyze Windows sandboxes for exposed attack surface.","archived":false,"fork":false,"pushed_at":"2024-12-04T22:24:21.000Z","size":13217,"stargazers_count":2148,"open_issues_count":14,"forks_count":440,"subscribers_count":122,"default_branch":"main","last_synced_at":"2025-04-10T20:55:40.854Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/googleprojectzero.png","metadata":{"files":{"readme":"README.txt","changelog":null,"contributing":"CONTRIBUTING","funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-10-23T03:04:22.000Z","updated_at":"2025-04-10T19:17:53.000Z","dependencies_parsed_at":"2023-02-16T23:15:18.746Z","dependency_job_id":"7d534b8c-8841-4aea-be3f-6204823b3a7e","html_url":"https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools","commit_stats":{"total_commits":3525,"total_committers":21,"mean_commits":"167.85714285714286","dds":0.3486524822695035,"last_synced_commit":"6df3d47a524a00ab6817099527568d42ab65e671"},"previous_names":[],"tags_count":41,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/googleprojectzero%2Fsandbox-attacksurface-analysis-tools","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories
/googleprojectzero%2Fsandbox-attacksurface-analysis-tools/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/googleprojectzero%2Fsandbox-attacksurface-analysis-tools/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/googleprojectzero%2Fsandbox-attacksurface-analysis-tools/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/googleprojectzero","download_url":"https://codeload.github.com/googleprojectzero/sandbox-attacksurface-analysis-tools/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254067086,"owners_count":22009074,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T05:01:13.406Z","updated_at":"2025-05-14T04:01:08.509Z","avatar_url":"https://github.com/googleprojectzero.png","language":"C#","readme":"sandbox-attacksurface-analysis-tools version 2.\r\n\r\n(c) Google LLC. 2015 - 2024\r\nDeveloped by James Forshaw\r\n\r\nThis is a small suite of PowerShell tools to test various properties of sandboxes on Windows. Many of the\r\ntools take a -ProcessId flag which is used to specify the PID of a sandboxed process. The tool will impersonate\r\nthe token of that process and determine what access is allowed from that location. 
Also it's recommended\r\nto run these tools as an administrator or local system to ensure the system can be appropriately enumerated.\r\n\r\nEditSection: View and manipulate memory sections.\r\nTokenViewer: View and manipulate various process token values.\r\nNtCoreLib: A basic managed library to access NT system calls and objects.\r\nNtCoreLib.Forms: A few simple forms to view security descriptors and tokens.\r\nNtObjectManager: A PowerShell module which uses NtApiDotNet to expose the NT object manager.\r\nViewSecurityDescriptor: View the security descriptor from an SDDL string or an inherited object.\r\n\r\nYou can load the module using the Import-Module cmdlet. However, you'll need to disable signing requirements first (in PowerShell this normally means relaxing the execution policy; prefer scoping that change to the current session rather than the whole machine).\r\n\r\nFor example, copy the module to %USERPROFILE%\\Documents\\WindowsPowerShell\\Modules then load the module with:\r\n\r\nImport-Module NtObjectManager\r\n\r\nYou can now do things like listing the NT object manager namespace using:\r\n\r\nGet-ChildItem NtObject:\\\r\n\r\nAlso see help for various commands such as Get-NtProcess, Get-NtType or New-File.\r\n\r\nThe tools can be built with Visual Studio 2022. \r\n\r\nRelease Notes:\r\n2.0.0.\r\n--------\r\n* Major refactor.\r\n","funding_links":[],"categories":["Operating System","\u003ca id=\"9eee96404f868f372a6cbc6769ccb7f8\"\u003e\u003c/a\u003e新添加的","C#","C\\#","C# #","C# (212)","\u003ca id=\"3ed50213c2818f1455eff4e30372c542\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"31185b925d5152c7469b963809ceb22d\"\u003e\u003c/a\u003e新添加的","\u003ca id=\"caab36bba7fa8bb931a9133e37d397f6\"\u003e\u003c/a\u003eWindows"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogleprojectzero%2Fsandbox-attacksurface-analysis-tools","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgoogleprojectzero%2Fsandbox-attacksurface-analysis-tools","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogleprojectzero%2Fsandbox-attacksurface-analysis-tools/lists"}