sandbox-attacksurface-analysis-tools | analyze Windows sandboxes for exposed attack surface | Command Line Interface library

sandbox-attacksurface-analysis-tools is a C# library typically used in Utilities, Command Line Interface applications. sandbox-attacksurface-analysis-tools has no bugs, it has no vulnerabilities, it has a Permissive License and it has medium support. You can download it from GitHub.

(c) Google LLC. 2015 - 2021 Developed by James Forshaw. This is a small suite of PowerShell tools to test various properties of sandboxes on Windows. Many of the tools take a -ProcessId flag which is used to specify the PID of a sandboxed process. The tool will impersonate the token of that process and determine what access is allowed from that location. Also it's recommended to run these tools as an administrator or local system to ensure the system can be appropriately enumerated. EditSection: View and manipulate memory sections. TokenView: View and manipulate various process token values. NtApiDotNet: A basic managed library to access NT system calls and objects. NtObjectManager: A powershell module which uses NtApiDotNet to expose the NT object manager. ViewSecurityDescriptor: View the security descriptor from an SDDL string or an inherited object. You can load the using the Import-Module Cmdlet. You'll need to disable signing requirements however.