Prepare for release 6.0

Author: MichaelGrafnetter

.github/CONTRIBUTING.md

@@ -1,5 +1,5 @@
-![DSInternals Logo](DSInternals-Dark.png#gh-light-mode-only)
-![DSInternals Logo](DSInternals-Light.png#gh-dark-mode-only)
+![DSInternals Logo](/.github/DSInternals-Dark.png#gh-light-mode-only)
+![DSInternals Logo](/.github/DSInternals-Light.png#gh-dark-mode-only)
 
 # Contributing to the Project
 
@@ -49,18 +49,16 @@ $PSVersion
 ### Development Environment
 
 If you want to build the module from source code yourself, you need to install these programs first:
-- [Microsoft Visual Studio Community](https://www.visualstudio.com/en-us/products/visual-studio-community-vs.aspx) 2022 with these features installed:
+- [Microsoft Visual Studio Community](https://visualstudio.microsoft.com/vs/community/) 2022 with these features installed:
    * .NET Framework 4.8 targeting pack
    * C++ 2022 Redistributable Update
    * C++/CLI support for v143 build tools (Latest)
    * MSVC v143 - VS 2022 C++ x64/x86 build tools (Latest)
    * MSVC v143 - VS 2022 C++ ARM64/ARM64EC build tools (Latest)
-   * Windows Universal C Runtime
-   * Windows 11 SDK (you might have to retarget the [DSInternals.Replication.Interop](../Src/DSInternals.Replication.Interop/DSInternals.Replication.Interop.vcxproj) project to the version you have)
+   * Windows 11 SDK (you might have to retarget the `DSInternals.Replication.Interop` projects to the version you have)
    * PowerShell Tools for Visual Studio (optional)
    * Git for Windows (optional)
    * GitHub Extension for Visual Studio (optional)
-- [Windows Management Framework 5](https://www.microsoft.com/en-us/download/details.aspx?id=50395).
 
 To make IntelliSense work with *.psm1 files, the following code needs to be added to the `C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Xml\Schemas\catalog.xml` file:
 
@@ -69,20 +67,18 @@ To make IntelliSense work with *.psm1 files, the following code needs to be adde
 <Association extension="ps1xml" schema="https://raw.githubusercontent.com/PowerShell/PowerShell/master/src/Schemas/Types.xsd" enableValidation="true"/>
 ```
 
-### Build Steps
+### Build and Debug Steps
+
 1. Install the prerequisities.
 2. Checkout or download the source codes.
-3. Run the [Scripts\Make.ps1](../Scripts/Make.ps1) script from PowerShell.
-4. The resulting module will appear in the *Build\bin\Release* folder.
-
-### Debugging
-
-1. Open the [Src\DSInternals.sln](../Src/DSInternals.sln) file in Visual Studio.
-2. Put any cmdlets you wish to debug into the [Src\DSInternals.PowerShell\Run-Cmdlets.ps1](../Src/DSInternals.PowerShell/Run-Cmdlets.ps1) script.
-3. Set the [DSInternals.PowerShell](../Src/DSInternals.PowerShell/DSInternals.PowerShell.csproj) project as StartUp Project.
+3. Open the [Src\DSInternals.sln](/Src/DSInternals.sln) file in Visual Studio.
+2. Put any cmdlets you wish to debug into the [Src\DSInternals.PowerShell\Run-Cmdlets.ps1](/Src/DSInternals.PowerShell/Run-Cmdlets.ps1) script.
+3. Set the [DSInternals.PowerShell](/Src/DSInternals.PowerShell/DSInternals.PowerShell.csproj) project as StartUp Project.
 4. Switch to the _Debug_ configuration.
 5. Start debugging (F5).
 
 ### Continuous Integration
 
+[![CI Build](https://github.com/MichaelGrafnetter/DSInternals/actions/workflows/autobuild.yml/badge.svg)](https://github.com/MichaelGrafnetter/DSInternals/actions/workflows/autobuild.yml)
+
 GitHub Actions are used for CI builds.

.github/README.md

@@ -19,20 +19,20 @@ The DSInternals project consists of these two parts:
   - [Active Directory password auditing](../Documentation/PowerShell/Test-PasswordQuality.md#test-passwordquality) that discovers accounts sharing the same passwords or having passwords in a public database like [HaveIBeenPwned](https://haveibeenpwned.com) or in a custom dictionary.
   - [Key credential auditing and generation](../Documentation/PowerShell/Get-ADKeyCredential.md#get-adkeycredential), including support for NGC, FIDO2 and STK keys. Keys can also be tested against the [ROCA vulnerability](https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190026). New NGC keys can also be [registered through the MS-DRSR protocol](../Documentation/PowerShell/Add-ADReplNgcKey.md#add-adreplngckey).
   - [Bare-metal recovery of domain controllers](../Documentation/PowerShell/New-ADDBRestoreFromMediaScript.md#new-addbrestorefrommediascript) from just IFM backups (ntds.dit + SYSVOL).
-  - Offline ntds.dit file manipulation, including [hash dumping](../Documentation/PowerShell/Get-ADDBAccount.md#get-addbaccount), [password resets](../Documentation/PowerShell/Set-ADDBAccountPassword.md#set-addbaccountpassword), [group membership changes](../Documentation/PowerShell/Set-ADDBPrimaryGroup.md#set-addbprimarygroup), [SID History injection](../Documentation/PowerShell/Add-ADDBSidHistory.md#add-addbsidhistory) and [enabling](../Documentation/PowerShell/Enable-ADDBAccount.md#enable-addbaccount)/[disabling](../Documentation/PowerShell/Disable-ADDBAccount.md#disable-addbaccount) accounts.
+  - Offline ntds.dit file manipulation, including [hash dumping](../Documentation/PowerShell/Get-ADDBAccount.md#get-addbaccount), [password resets](../Documentation/PowerShell/Set-ADDBAccountPassword.md#set-addbaccountpassword), [group membership changes](../Documentation/PowerShell/Set-ADDBPrimaryGroup.md#set-addbprimarygroup), [trust password extraction](../Documentation/PowerShell/Get-ADDBTrust.md#get-addbtrust), [Golden gMSA and dMSA attacks](../Documentation/PowerShell/Get-ADDBServiceAccount.md#get-addbserviceaccount), [enabling](../Documentation/PowerShell/Enable-ADDBAccount.md#enable-addbaccount)/[disabling](../Documentation/PowerShell/Disable-ADDBAccount.md#disable-addbaccount) accounts, [LAPS password decryption](../Documentation/PowerShell/Get-ADDBAccount.md#example-9), and [DNS zone data export](../Documentation/PowerShell/Get-ADDBDnsResourceRecord.md#get-addbdnsresourcerecord).
   - [Online password hash dumping](../Documentation/PowerShell/Get-ADReplAccount.md#get-adreplaccount) through the Directory Replication Service (DRS) Remote Protocol (MS-DRSR). This feature is commonly called DCSync.
   - [Domain or local account password hash injection](../Documentation/PowerShell/Set-SamAccountPasswordHash.md#set-samaccountpasswordhash) through the Security Account Manager (SAM) Remote Protocol (MS-SAMR) or [directly into the database](../Documentation/PowerShell/Set-ADDBAccountPasswordHash.md#set-addbaccountpasswordhash).
   - [LSA Policy modification](../Documentation/PowerShell/Set-LsaPolicyInformation.md#set-lsapolicyinformation) through the Local Security Authority (Domain Policy) Remote Protocol (MS-LSAD / LSARPC).
-  - [Extracting credential roaming data](../Documentation/PowerShell/Save-DPAPIBlob.md#save-dpapiblob) and DPAPI domain backup keys, either online through [directory replication](../Documentation/PowerShell/Get-ADReplBackupKey.md#get-adreplbackupkey), [LSARPC](../Documentation/PowerShell/Get-LsaBackupKey.md#get-lsabackupkey) and [offline from ntds.dit](../Documentation/PowerShell/Get-ADDBBackupKey.md#get-addbbackupkey).
-  - Password hash calculation, including [NT hash](../Documentation/PowerShell/ConvertTo-NTHash.md#convertto-nthash), [LM hash](../Documentation/PowerShell/ConvertTo-LMHash.md#convertto-lmhash) and [kerberos keys](../Documentation/PowerShell/ConvertTo-KerberosKey.md#convertto-kerberoskey).
+  - [Extracting credential roaming data](../Documentation/PowerShell/Save-DPAPIBlob.md#save-dpapiblob) and DPAPI domain backup keys, either online through [directory replication](../Documentation/PowerShell/Get-ADReplBackupKey.md#get-adreplbackupkey), [LSARPC](../Documentation/PowerShell/Get-LsaBackupKey.md#get-lsabackupkey), and [offline from ntds.dit](../Documentation/PowerShell/Get-ADDBBackupKey.md#get-addbbackupkey).
+  - Password hash calculation, including [NT hash](../Documentation/PowerShell/ConvertTo-NTHash.md#convertto-nthash), [LM hash](../Documentation/PowerShell/ConvertTo-LMHash.md#convertto-lmhash), and [kerberos keys](../Documentation/PowerShell/ConvertTo-KerberosKey.md#convertto-kerberoskey).
 
 > DISCLAIMER: Features exposed through these tools are not supported by Microsoft. Improper use might cause irreversible damage to domain controllers or negatively impact domain security.
 
 ## Author
 
 ### Michael Grafnetter
 
-[![Twitter](https://img.shields.io/twitter/follow/MGrafnetter.svg?label=Twitter%20@MGrafnetter&style=social)](https://twitter.com/MGrafnetter)
+[![Twitter](https://img.shields.io/twitter/follow/MGrafnetter.svg?label=Twitter%20@MGrafnetter&style=social)](https://x.com/MGrafnetter)
 [![Blog](https://img.shields.io/badge/Blog-www.dsinternals.com-2A6496.svg)](https://www.dsinternals.com/en)
 [![LinkedIn](https://img.shields.io/badge/LinkedIn-grafnetter-0077B5.svg)](https://www.linkedin.com/in/grafnetter)
 
@@ -47,9 +47,9 @@ I would like to thank all people who have contributed to the project by [sending
 [![GitHub Downloads](https://img.shields.io/github/downloads/MichaelGrafnetter/DSInternals/total.svg?label=GitHub%20Downloads&logo=GitHub)](https://github.com/MichaelGrafnetter/DSInternals/releases)
 [![NuGet Gallery Downloads](https://img.shields.io/nuget/dt/DSInternals.Common.svg?label=NuGet%20Gallery%20Downloads&logo=NuGet)](https://www.nuget.org/profiles/DSInternals)
 
-### PowerShell Gallery (PowerShell 5+)
+### PowerShell Gallery
 
-Since PowerShell 5, you can install the DSInternals module directly from the official [PowerShell Gallery](https://www.powershellgallery.com/packages/DSInternals/) by running the following command:
+You can install the DSInternals module directly from the official [PowerShell Gallery](https://www.powershellgallery.com/packages/DSInternals/) by running the following command:
 
 ```powershell
 Install-Module DSInternals -Force
@@ -86,7 +86,7 @@ This package is self-contained and it will also install all dependencies. Note t
 
 ### WAPT Package
 
-The DSInternals PowerShell Module can also be installed using the [WAPT package](https://wapt.tranquil.it/store/tis-dsinternals/).
+The DSInternals PowerShell Module can also be installed using the [WAPT package](https://wapt.tranquil.it/store/en/tis-dsinternals).
 
 The package can be installed by the [WAPT console](https://www.wapt.fr/en/doc/wapt-console-usage.html) or by the [WAPT Command-line interface](https://www.wapt.fr/en/doc/wapt-command-line-interface.html) like so:
 
@@ -96,7 +96,7 @@ wapt-get install dsinternals
 
 This package is self-contained and it will also install all dependencies.
 
-### Offline Module Distribution (PowerShell 3+)
+### Offline Module Distribution
 
 1. Download the [current release](https://github.com/MichaelGrafnetter/DSInternals/releases) from GitHub.
 2. *Unblock* the ZIP file, using either the *Properties dialog* or the `Unblock-File` cmdlet. If you fail to do so, all the extracted DLLs will inherit this attribute and PowerShell will refuse to load them.
@@ -118,8 +118,8 @@ The easiest way of integrating the DSInternals functionality into .NET applicati
 
 ### Building from Source Code
 
-[![Visual Studio 2022](https://img.shields.io/badge/Visual%20Studio-2022-383278.svg?logo=Visual-Studio-Code)](CONTRIBUTING.md#building-from-source-code)
-[![Build Status](https://dev.azure.com/DSInternals/DSInternals%20CI/_apis/build/status/DSInternals?branchName=master)](https://dev.azure.com/DSInternals/DSInternals%20CI/_build/latest?definitionId=2&branchName=master)
+[![Visual Studio 2022](https://img.shields.io/badge/Visual%20Studio-2022-383278.svg)](CONTRIBUTING.md#building-from-source-code)
+[![CI Build](https://github.com/MichaelGrafnetter/DSInternals/actions/workflows/autobuild.yml/badge.svg)](https://github.com/MichaelGrafnetter/DSInternals/actions/workflows/autobuild.yml)
 
 You can of course download the [source code](https://github.com/MichaelGrafnetter/DSInternals/archive/master.zip), perform a review and compile the Module/Framework yourself. See the [CONTRIBUTING](CONTRIBUTING.md#building-from-source-code) guide for more info.
 
@@ -147,6 +147,7 @@ I have also published a series of articles about the DSInternals module on [my b
 - [Impersonating Office 365 Users With Mimikatz](https://www.dsinternals.com/en/impersonating-office-365-users-mimikatz/)
 
 ### Slide Decks
+
 - [Black Hat Europe 2019: DSInternals PowerShell Module](https://www.dsinternals.com/wp-content/uploads/eu-19-Grafnetter-DSInternals-PowerShell-Module.pdf)
 - [Black Hat Europe 2019: Exploiting Windows Hello for Business](https://www.dsinternals.com/wp-content/uploads/eu-19-Grafnetter-Exploiting-Windows-Hello-for-Business.pdf)
 - [HipConf New York 2018: Offline Attacks on Active Directory](https://www.dsinternals.com/wp-content/uploads/HIP_AD_Offline_Attacks.pdf)

Documentation/CHANGELOG.md

@@ -5,10 +5,13 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 
-## [Unreleased]
+## [6.0] - 2025-08-14
 
 ### Added
 
+- PowerShell Core 7 and .NET SDK are now supported on the Windows platform.
+- The PowerShell module, NuGet packages, binaries, and scripts are digitally signed.
+- All pure CLR assemblies are built deterministically.
 - The new [Get-ADDBTrust](PowerShell/Get-ADDBTrust.md#get-addbtrust) cmdlet can read inter-domain trust objects from `ntds.dit` files, decrypt the trust passwords, and derive the Kerberos trust keys.
 - Added the [Get-ADReplKdsRootKey](PowerShell/Get-ADReplKdsRootKey.md#get-adreplkdsrootkey) cmdlet to enable reading specific KDS Root Keys over the MS-DRSR protocol.
 - Full support for `ntds.dit` files originating from RODCs.
@@ -625,7 +628,8 @@ This is a [Chocolatey](https://chocolatey.org/packages/dsinternals-psmodule)-onl
 ## 1.0 - 2015-01-20
 Initial release!
 
-[Unreleased]: https://github.com/MichaelGrafnetter/DSInternals/compare/v5.4.1...HEAD
+[Unreleased]: https://github.com/MichaelGrafnetter/DSInternals/compare/v6.0...HEAD
+[6.0]: https://github.com/MichaelGrafnetter/DSInternals/compare/v5.4.1...v6.0
 [5.4.1]: https://github.com/MichaelGrafnetter/DSInternals/compare/v5.3...v5.4.1
 [5.3]: https://github.com/MichaelGrafnetter/DSInternals/compare/v5.2...v5.3
 [5.2]: https://github.com/MichaelGrafnetter/DSInternals/compare/v5.1...v5.2

Documentation/PowerShell/Get-ADDBTrust.md

@@ -1,4 +1,4 @@
----
+---
 external help file: DSInternals.PowerShell.dll-Help.xml
 Module Name: DSInternals
 online version: https://github.com/MichaelGrafnetter/DSInternals/blob/master/Documentation/PowerShell/Get-ADDBTrust.md

Documentation/PowerShell/about_DSInternals.md

@@ -1,4 +1,4 @@
-# DSInternals
+# DSInternals
 ## about_DSInternals
 
 # SHORT DESCRIPTION

Src/DSInternals.Common/DSInternals.Common.csproj

@@ -2,11 +2,12 @@
   <!-- NuGet package metadata -->
   <PropertyGroup>
     <IsPackable>true</IsPackable>
-    <Version>5.5</Version>
+    <Version>6.0</Version>
     <AssemblyTitle>DSInternals Common Library</AssemblyTitle>
     <Title>$(AssemblyTitle)</Title>
     <Description>This package is shared between all other DSInternals packages. Its main features are Azure AD Graph API and ADSI clients for for retrieval of cryptographic material. It contains implementations of common hash functions used by Windows, including NT hash, LM hash and OrgId hash. It also contains methods for SysKey/BootKey retrieval.</Description>
-    <PackageReleaseNotes>- Added support for AD trusts.</PackageReleaseNotes>
+    <PackageReleaseNotes>- Migrated to .NET SDK.
+- Added support for AD trusts.</PackageReleaseNotes>
     <PackageTags>ActiveDirectory Security Entra AD AAD Identity Active Directory</PackageTags>
     <TargetFrameworks>net48;net8.0-windows</TargetFrameworks>
   </PropertyGroup>

Src/DSInternals.DataStore/DSInternals.DataStore.csproj

@@ -2,12 +2,13 @@
   <!-- NuGet package metadata -->
   <PropertyGroup>
     <IsPackable>true</IsPackable>
-    <Version>5.5</Version>
+    <Version>6.0</Version>
     <AssemblyTitle>DSInternals DataStore Library</AssemblyTitle>
     <Title>$(AssemblyTitle)</Title>
     <Description>DSInternals DataStore is an advanced framework for offline ntds.dit file manipulation. It can be used to extract password hashes from Active Directory backups or to modify the sIDHistory and primaryGroupId attributes.</Description>
-    <PackageReleaseNotes>- Added support for AD trusts.
-- Switched to using custom NuGet packages.</PackageReleaseNotes>
+    <PackageReleaseNotes>- Migrated to .NET SDK.
+- Added support for AD trusts.
+- Switched to using custom ManagedEsent NuGet packages.</PackageReleaseNotes>
     <PackageTags>ActiveDirectory Security NTDS AD Identity Active Directory</PackageTags>
     <TargetFrameworks>net48;net8.0-windows</TargetFrameworks>
   </PropertyGroup>

Src/DSInternals.PowerShell/Chocolatey/dsinternals-psmodule.nuspec

@@ -3,7 +3,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>DSInternals-PSModule</id>
-    <version>5.5</version>
+    <version>6.0</version>
     <packageSourceUrl>https://github.com/MichaelGrafnetter/DSInternals/tree/master/Src/DSInternals.PowerShell/Chocolatey</packageSourceUrl>
     <owners>MichaelGrafnetter</owners>
     <title>DSInternals PowerShell Module</title>
@@ -37,6 +37,7 @@ The DSInternals PowerShell Module has these main features:
 ## Disclaimer
 Features exposed through these tools are not supported by Microsoft. Improper use might cause irreversible damage to domain controllers or negatively impact domain security.</description>
     <releaseNotes>
+* Implemented support for PowerShell Core 7 on Windows.
 * The new Get-ADDBTrust cmdlet can read inter-domain trust objects from ntds.dit files, decrypt the trust passwords, and derive the Kerberos trust keys.
 * Added the Get-ADReplKdsRootKey cmdlet to enable reading specific KDS Root Keys over the MS-DRSR protocol.
 * Implemented full support for ntds.dit files originating from RODCs.

Src/DSInternals.PowerShell/DSInternals.psd1

@@ -228,6 +228,7 @@ PrivateData = @{
 
         # ReleaseNotes of this module
         ReleaseNotes = @"
+- Implemented support for PowerShell Core 7 on Windows.
 - The new Get-ADDBTrust cmdlet can read inter-domain trust objects from ntds.dit files, decrypt the trust passwords, and derive the Kerberos trust keys.
 - Added the Get-ADReplKdsRootKey cmdlet to enable reading specific KDS Root Keys over the MS-DRSR protocol.
 - Implemented full support for ntds.dit files originating from RODCs.

Src/DSInternals.Replication.Interop/AssemblyInfo.cpp

@@ -13,7 +13,7 @@ using namespace System::Security::Permissions;
 //
 [assembly:AssemblyTitleAttribute(L"DSInternals Replication Interop Library")];
 // Note: Do not forget to change the version in version.rc files.
-[assembly:AssemblyVersionAttribute("5.5")];
+[assembly:AssemblyVersionAttribute("6.0")];
 [assembly:AssemblyProductAttribute(L"DSInternals PowerShell Module")];
 [assembly:AssemblyCopyrightAttribute(L"Copyright (c) 2015-2025 Michael Grafnetter. All rights reserved.")];
 [assembly:AssemblyDescriptionAttribute(L"")];