NTObjectManager Tradecrafts

Get-ComDatabase -setcurrent

Change File/Registry Permisson

$sddl = "FILL_IN_SDDL_STRING"
## for SpecterService
$FolderToConfigure = "FILL_IN_FILE_PATH"
## Folder path
$securityDescriptor = Get-Acl -Path $FolderToConfigure
$securityDescriptor.SetSecurityDescriptorSddlForm($sddl)
## set it
Set-Acl -Path $FolderToConfigure -AclObject $securityDescriptor
#apply

Get All CLSIDs Windows

Get-ChildItem -Path Registry::HKEY_CLASSES_ROOT\\CLSID

Download Symbols

cd "C:\\Program Files (x86)\\Windows Kits\\10\\Debuggers\\x64\\"
symchk /s srv*c:\\SYMBOLS*<https://msdl.microsoft.com/download/symbols> C:\\Windows\\System32\\*.dll

List all domain controlled in a domain, You

$a = new-object 'System.DirectoryServices.ActiveDirectory.DirectoryContext'("domain", "other.domain.local" )
[System.DirectoryServices.ActiveDirectory.DomainController]::FindAll($a)

List Named Pipes

[System.IO.Directory]::GetFiles("\\\\.\\\\pipe\\\\")

• [ ] Show Full output

SOMETHING SOMETHING | format-list * 

Better View for SDDL

$descriptor = [System.Security.AccessControl.FileSecurity]::new()
$descriptor.SetSecurityDescriptorSddlForm("O:BAG:S-1-5-21-886914546-2374765512-2686207084-513D:AI(A;;0x13019f;;;WD)(A;ID;FA;;;SY)(A;ID;FA;;;BA)(A;ID;0x1200a9;;;BU)")
$descriptor.Access

ConvertSDDL

Notice SDDL can apply to Service and Registry and file permissions. So PowerShell has a -Type for specifying to help make better sense

ConvertFrom-Sddlstring "FILL_SDDL" -Type FileSystemRights