-
Notifications
You must be signed in to change notification settings - Fork 435
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why is 2.0.0 on the PSGallery but not on Github? #72
Comments
I will release the code soon, it's in the middle of a significant refactor. However I needed to put up a version of 2.0 for the early release of my book which will use the module. |
2.0 change log ..had breaking changes.. (no surprise hence 2.0.. but a change log would of been nice) WTF-WFP was downstream of this PSM https://zeronetworks.com/blog/wtf-is-going-on-with-wfp/
|
Yeah, well sorry about that, I at least should have put in a warning in the release notes. That said supporting anything outside of the exported cmdlets has never been my intention, the ability to use the NtApiDotNet library is just a sometimes useful byproduct and shouldn't be relied upon. As in, any script which worked before in v1 and only used the exported cmdlets should hopefully still work in v2, but obviously if you access internal classes I don't make any guarantees. You could specify in your module that you rely on a specific version of the NtObjectManager module, not sure how well that works in practice. Unfortunately the v1 branch is basically dead, anti-virus detections killed it. It required a substantial refactor to try and make the detections go away. Some things might not have been required such as changing the main module's name but I thought best to do it one go (this seems to be what has failed for you, going from NtApiDotNet to NtCoreLib). While I was at it a more substantial refactor of the structure is being undertaken which might change things even more. |
Interestingly, there are parts of this that might be extracted for more generalized access. The generalized access may be abused less. Specifically a smaller scope that could be combined to make the [sandbox-attacksurface-analysis-tools]. |
Certainly it might make sense to pull out what you specifically need into your own library to provide with the PowerShell code, although not sure how easy that would be. You could also ship a copy of NtApiDotNet.dll with the module. I think the main problem with AV is around code linking to the library not necessarily the library itself so it probably won't be detected by AV. |
The current release show 1.1.33 as latest
https://github.com/googleprojectzero/sandbox-attacksurface-analysis-tools/releases
The PS Gallery has 2.0 published with an alpha as well..
https://www.powershellgallery.com/packages/NtObjectManager/2.0.0
The text was updated successfully, but these errors were encountered: