db3af8e: Added UUID datatypes to flexinit (Lars Karlslund)
17451f8: Moved ParentDN to util, also create synthetic missing parents (Lars Karlslund)
78768a6: More info on passwords exposed via GPO cPassword entries (Lars Karlslund)
1014d17: Fixed schema parsing with superiors (Lars Karlslund)
5c785ed: Fix SID collision as it has no real world chance of doing anything (Lars Karlslund)
ae77571: Fixed some name parsing where we're missing the netbios domain part of it (Lars Karlslund)
570cef5: Update cytoscape.js to latest version (Lars Karlslund)
5e1d140: Merging over SIDs was way too generic, but maybe now it's just too strict (Lars Karlslund)
18b8a9d: Fix for looking up a non existing attribute (Lars Karlslund)
b158b9c: Switched to Bootstrap compatible UI (Halfmoon UI 2.x), upgraded jquery, jquery UI, cytoscape etc. UI improvements (and possible breakage) (Lars Karlslund)
f806aa3: Clarify a couple of attributes (Lars Karlslund)
e24e111: Missed some UI files (Lars Karlslund)
79bf7b8: Added comment about reasoning to refresh merge attribute list while merging (Lars Karlslund)
f671596: Replaced all 'interface{}' usage with 'any' (Lars Karlslund)
65c6fcf: Improved on FindOrAddAdjacentSID, and use that while parsing groups that are pointing to missing DNs (Lars Karlslund)
07ea98c: Bump Gonk version (Lars Karlslund)
de79909: Split include and exclude queries up in separate input fields, and also add an option to exclude last objects by query (Lars Karlslund)
827571b: Go mod tidy circus (Lars Karlslund)
6d7b57d: Refactored the analysis function, moved graphs to own package, minor fixes, analysis performance optimization, node limiter, start/middle/end queries rather than the convoluted mess that was before (Lars Karlslund)
9057df0: The usual go mod tidy problem, arrrrrgh (Lars Karlslund)
1b81a94: Default maxdepth to -1 not 99 (Lars Karlslund)
12d1a63: Added minimum accumulated probability filter, fixed toasts (Lars Karlslund)
68846c0: Tooltips, don't expand AU / EO option, iterator for Graph edges, backlinks fuzz implemented but not enabled in WebUI (causes chaos), graph edge can have data attached (Lars Karlslund)
40ba8f0: Generalized Protected Users lookup, changed the members of Authenticated Users logic (Lars Karlslund)
e8cd715: Removed dark mode class on body (Lars Karlslund)
8f9f1be: Got rid of the ForeignSecurityPrincipal type entirely (Lars Karlslund)
aeb557e: Changed tag "escalation" to "pivot" for edges internally (Lars Karlslund)
20f7e73: Tooltip for query input boxes (Lars Karlslund)
0a503ff: Added "extract words" feature for creating wordlist to use with hashcat rules (Lars Karlslund)
92c2f16: Time decoding for BadPasswordTime (Lars Karlslund)
25921ed: Upgrade builds to Go 1.21 (Lars Karlslund)
de7730b: Attribute objectCategorySimple -> type, parsing of securitydescriptors moved to rawobject, added securitydescriptor parsing to 5 other attributes, ACLs can now print without resolving SIDs, added RBCD edge, renamed some of the meta attributes, added predefined search for Unconstrained delegation computers and Constrained delegation (Lars Karlslund)
40f0f04: Rename log level function (Lars Karlslund)
53ea2e3: Various attributes and edges refactoring (Lars Karlslund)
b8f39b4: Missed a few calls in the refactoring (Lars Karlslund)
8905e42: Moved Absorb critical section to be the entire function (Lars Karlslund)
ad88395: Added my Mastodon handle to readme (Lars Karlslund)
465903d: Minor changes, removed my own version of uuid.Nil (Lars Karlslund)
3461954: Collect activedirectory now accepts and auto-detects multiple servers, trying each one in order until a successful connect is done (Lars Karlslund)
c35204f: Fix for filtering on incoming edge wasn't case insensitive (In != in) (Lars Karlslund)
511e79b: Added warning for DataSource and DownLeveLogonName NETBIOS mismatch (gives false warnings!) (Lars Karlslund)
67bfd01: Various fixes for SID lookups in local machine imports (Lars Karlslund)
a69c964: Got rid of the ForeignSecurityPrincipal nodes (Lars Karlslund)
c4f5db3: Fixed build status in readme (Lars Karlslund)
b63280c: Minor fix for GPO name matching (Lars Karlslund)
fecf730: Expose some query structures externally (Lars Karlslund)
980592e: Bumping module versions and Go to 1.20 (Lars Karlslund)
4e7a12a: Minor graph support functions added (Lars Karlslund)
dbcca31: A slew of module upgrades (Lars Karlslund)
7eea5f0: Support for node size choices in UI and reworked preferences load/save to support dynamically changing options (Lars Karlslund)
56a4ed5: Added code for setting a description on an attribute (Lars Karlslund)
c31d0c1: Tags on edge types (Lars Karlslund)
2751a25: Using tags to mark stuff as escalation (Lars Karlslund)
66e6ecc: Experimental support for Kerberos cache files, this is totally untested since no one responded to my call for help on this (Lars Karlslund)
6c2b9ec: Missing dependency and upgraded precompiled versions to Go 1.20 (Lars Karlslund)
6e90b1c: Build problems (Lars Karlslund)
8e13472: Latest is not universal for github actions ¯_(ツ)_/¯ (Lars Karlslund)
5e12f90: Github action for Go is nitpicky about YAML types (Lars Karlslund)
aa4c038: Minor multiplatform compile problem (Lars Karlslund)
v2022.10.31
1 year ago
Commits
f8e1cdf: Fix for predefined queries, now targets Machines not Computer(accounts) (Lars Karlslund)
d4829e0: Relax case sensitive strictness on synthetic attributes (Lars Karlslund)
56b8313: Added teaser graph to readme (Lars Karlslund)
49c5e82: Extra linefeed needed in readme (Lars Karlslund)
ee3486f: Minor fixes (Lars Karlslund)
4b4310e: Improved probability calculation for RDP when INTERACTIVE gives admin rights, other fixes (Lars Karlslund)
7a72f74: Changed behaviour when doing fast merges, the DataSource attribute is merged, but the rest is assumed to be equal in both objects (Lars Karlslund)
f3769f2: Added MemberOfIndirect which collapses intermediate group memberships (Lars Karlslund)
31de33a: Added GetDomainInfo function (Lars Karlslund)
fbc20c5: Renamed function and added dark orange lines to MemberOfGroupIndirect edge (Lars Karlslund)
556e032: Fixed extensions for binaries built with the script (Lars Karlslund)
0fe3ebb: Finally EdgeIteratorRecursive found out what its real name was (Lars Karlslund)
ffc9f9d: Many, many internal changes (Lars Karlslund)
74f68ed: Readme changes and added contributing information (Lars Karlslund)
3ff7840: Added progressbars and engine status to UI, moved some processing tasks to the background (Lars Karlslund)
101bed5: Upgraded a lot of Go modules (Lars Karlslund)
47153d3: Revert upgraded module (Lars Karlslund)
d09546c: Blur background of UI when Adalanche backend is not responding (Lars Karlslund)
615be3a: Progressbars should just move forward (Lars Karlslund)
1770d29: Got rid of slice range and moved to iterator pattern for Objects, improved indexes by adding multiindex (Lars Karlslund)
84f97f8: Fixed the "loaded / skipped" count while loading files (Lars Karlslund)
5cf7333: More refactoring and better performance at the cost of some more RAM (Lars Karlslund)
9374774: Improved DAGRE layout, but it's not there yet (Lars Karlslund)
c475bc9: Upgraded artifact storage module in Github actions (Lars Karlslund)
a7cb3ba: Better naming for some variables, switched to my own concurrent backend for storing edges rather than gsync.MapOf (it's a sorted slice using binary lookup) (Lars Karlslund)
d811517: BCE on Edge (Lars Karlslund)
d783617: Simplify to allow inlining (Lars Karlslund)
479484d: Various optimizations for EdgeConnectionsPlus (Lars Karlslund)
ca59141: Prepare to do forced sorting, maybe after everything is analyzed (Lars Karlslund)
89a1210: RDP edge evaluator is broken, commenting it out (Lars Karlslund)
64731ac: Less strict function to Add object to Objects collection (Lars Karlslund)
31cf73e: Missing Go.mod things and also added zerotime log output (shows elapsed time from start rather than current time) (Lars Karlslund)
45588b9: Moved absorber lock to critical section only (Lars Karlslund)
42a40d9: Way better performance when maintaining EdgeConnectionsPlus backing (does dirty sort + merge rather than global sort) (Lars Karlslund)
64e06f9: Bug in Absorb because Object detected it was no longer valid (Lars Karlslund)
512115c: Fix for zerologtime outputting wrong minutes (Lars Karlslund)
v2022.10.28
1 year ago
Commits
f8e1cdf: Fix for predefined queries, now targets Machines not Computer(accounts) (Lars Karlslund)
d4829e0: Relax case sensitive strictness on synthetic attributes (Lars Karlslund)
56b8313: Added teaser graph to readme (Lars Karlslund)
49c5e82: Extra linefeed needed in readme (Lars Karlslund)
ee3486f: Minor fixes (Lars Karlslund)
4b4310e: Improved probability calculation for RDP when INTERACTIVE gives admin rights, other fixes (Lars Karlslund)
7a72f74: Changed behaviour when doing fast merges, the DataSource attribute is merged, but the rest is assumed to be equal in both objects (Lars Karlslund)
f3769f2: Added MemberOfIndirect which collapses intermediate group memberships (Lars Karlslund)
31de33a: Added GetDomainInfo function (Lars Karlslund)
fbc20c5: Renamed function and added dark orange lines to MemberOfGroupIndirect edge (Lars Karlslund)
556e032: Fixed extensions for binaries built with the script (Lars Karlslund)
0fe3ebb: Finally EdgeIteratorRecursive found out what its real name was (Lars Karlslund)
ffc9f9d: Many, many internal changes (Lars Karlslund)
74f68ed: Readme changes and added contributing information (Lars Karlslund)
3ff7840: Added progressbars and engine status to UI, moved some processing tasks to the background (Lars Karlslund)
101bed5: Upgraded a lot of Go modules (Lars Karlslund)
47153d3: Revert upgraded module (Lars Karlslund)
d09546c: Blur background of UI when Adalanche backend is not responding (Lars Karlslund)
615be3a: Progressbars should just move forward (Lars Karlslund)
a14a7d3: Color fix for machine and added displayName for loose Machines (Lars Karlslund)
ecaa968: Wrapped map in object Edge methods to be able to do locking (Lars Karlslund)
63be0f7: Discontinued support for very old GPO dumps (Lars Karlslund)
5dc0951: Fixes some linking for Machine objects (Lars Karlslund)
4835a3e: Unused attribute in engine (Lars Karlslund)
7f5c89e: Let's try adding CycloneDX SBOM to prereleases (Lars Karlslund)
5ab49f7: Fixed naming problem for matrix builds in PowerShell build script (Lars Karlslund)
e4d7840: Added First() and Itereate(f) to AttributeValues (Lars Karlslund)
e531f82: Refactored some calls (Lars Karlslund)
6f46164: Added query.Execute for optimized queries using indexes (Lars Karlslund)
4888208: Separate Machine object fixes for DCs (Lars Karlslund)
31a52f9: Added warnings while dumping AD for objects with no attributes and objects returning attributes but with no values set for one or more attributes (Lars Karlslund)
866cfe6: Fixes and optimizations galore (Lars Karlslund)
06f0a3d: Domain Controllers local machine merge problems (service accounts should map to global SIDs in AD) added FIXME comment on this (Lars Karlslund)
f18195e: Added more data from local machines to the Machine object, fixed unconstrained delegation attribute and predefined query for it (Lars Karlslund)
f23d3d7: Added more datatypes to AD Explorer import (Lars Karlslund)
074274b: Added in, out for edge direction in ldap parser (replaces _pwnable / _canpwn) (Lars Karlslund)
8ad5cc1: Minor naming adjustments (Lars Karlslund)
5038162: Parallelized loader.Load calls, removed Loader Analyzers, refactored functions that were Analyzers -> Processors (Lars Karlslund)
6c164c5: Fixed race in AD Loader when getting shard (Lars Karlslund)
9551338: Moved some localmachine loader Close postprocessing to a Processing tasks (where it belongs) (Lars Karlslund)
2256292: Query attribute parsing problem (Lars Karlslund)
46ea5b4: Upgraded some modules (Lars Karlslund)
de0d736: Renamed some variables, fixed merging, better objects for local machines and added a detector for Remote Desktop based on privileges and not group name only (Lars Karlslund)
b5e5231: Domain Authenticated users is member of Authenticated users on Domain members (Lars Karlslund)
2a4ea61: Various type fixes (Lars Karlslund)
bf1421e: Added option to purge old data when doing an AD dump (for scripting) (Lars Karlslund)
44c12fb: Added detection of collectors running unprivileged, added warning on importing data from unprivileged collectors, added warning for missing share DACLs from collectors, fixed architecture detection for 32-on-64 bit collectors (Lars Karlslund)
540670d: Revised logo and custom fonts on the UI (Lars Karlslund)
e1ca556: Various internal naming changes (Lars Karlslund)
653d2f6: Updated favicon (Lars Karlslund)
ee4760f: UI strangeness (Lars Karlslund)
3cb3855: Fix for swapping the wrong UUID, added AutoEnroll permission and VoodooBit detector (Lars Karlslund)
0a7b076: Loader init errors results in a Fatal now (Lars Karlslund)
0bb948b: Inverted LDAP query fix (Lars Karlslund)
v2022.8.26
1 year ago
Commits
22aad63: Multi-attribute index, another progressbar, fixup with UniqueSource set to DomainPart when loading, RootDSE is synthesized and imported, performance optimizations (Lars Karlslund)
18ee88a: Improved merges across domains, and performance. Added experimental "limitattributes" on analysis for only loading attributes the engine needs into memory (Lars Karlslund)
37cbbfc: Updated readme and reorganized some LDAP stuff (Lars Karlslund)
ad64eec: Fixed window resize grabs showing through windows, windows bring to front on click fixed, auto/max window size when popping up, spinner on "Running graph layout" status (Lars Karlslund)
c1aeb3d: Switched to upgraded deduplication package (Lars Karlslund)
aa2ca58: Used PwnMethodBitmap functionality rather than duplicating it (Lars Karlslund)
2ccf4ac: Updated comparison table a bit in the readme (Lars Karlslund)
428fa80: Corrected mistake in the sum of objects (Lars Karlslund)
8271fd2: Changed graph types to Node and Edge for clarity (Lars Karlslund)
1a99685: Performance optimization for attribute lookup (called a lot from RawObject) (Lars Karlslund)
881c409: Used a pool of slice in order to speed up single value attribute conversions (Lars Karlslund)
2d26cd4: Missed this line (Lars Karlslund)
b33a2f0: Lookup for ObjectType (Lars Karlslund)
3213b51: Proper backing for GUID conversion (Lars Karlslund)
bd63eba: Fixed missing stuff from go.sum (Lars Karlslund)
8fa2b66: More go.mod funkiness fixed (Lars Karlslund)
420c6a3: Fix for LDAP multiplatform initialization (Lars Karlslund)
dd304ce: Return whether a JS window is new or not when creating it (Lars Karlslund)
4e4e728: Saved one allocation when returning SIDs (Lars Karlslund)
cc1d32e: Performance increase for AD Explorer snapshot import and some fixes for LDAP dumping (Lars Karlslund)
1ba67ae: Upgraded to new stringdedup module version (Lars Karlslund)
595f776: Switched the securitydescriptorcache to uint64 index (Lars Karlslund)
443e24b: Performance tweak for Merge (Lars Karlslund)
8c39e54: Ignore Foreign-Security-Principal for various ACL analysis functions (Lars Karlslund)
608678b: Simpler GUID handling when converting RawObject to Object (Lars Karlslund)
78332ce: Simplified the idindex, saving a pointer per object in objects collection (Lars Karlslund)
8fc7446: Allowing 0 expansion when doing analysis. Not useful but it seems right. (Lars Karlslund)
f7476d9: Proper locking on MemberOfSID and added AttrTime and AttrBool methods (Lars Karlslund)
4c50368: Moved some ACL warnings to debug (Lars Karlslund)
705c221: Fixed DENY-before-ALLOW checking in CheckObjectClass, more "logic" sorting of ACE entries in ACL, optimized DENY checks to skip "blocks" of ALLOW entries (Lars Karlslund)
deaaa12: Permit AD Explorer snapshots to contain blank strings (fix for issue #17) (Lars Karlslund)
13924b8: Readme adjustments (Lars Karlslund)
a528dc2: License changed to AGPL, logging and progressbars via own UI package, logging to file, various naming conventions in code changed, performance speedup while merging objects, got rid of BuildDate (Lars Karlslund)
dae594d: Fix UI window max size (Lars Karlslund)
d584ae6: Be quiet about missing preferences file (Lars Karlslund)
88b3fbf: Naming and dropped SCC analysis for now (Lars Karlslund)
fde0cd3: Improvements for TrustMap (Lars Karlslund)
e0c2462: Progressbar fix (Lars Karlslund)
51ec495: Fix for out of bounds when hitting expand limit (Lars Karlslund)
febd767: Fixed :since: modifier which has been broken for a while (Lars Karlslund)
1e79f62: Added privilege assignment to collector (will need admin mode to grab this data), renamed some Pwn names (Lars Karlslund)
687e318: Added cPassword analysis to GPO (Lars Karlslund)
7a3f634: Made cpassword and username attribute matching case insensitive (Lars Karlslund)
5abf030: Fix for returning not returning placeholder objecttype (Lars Karlslund)
7448445: Fixes for privileges analyzer (Lars Karlslund)
002fda7: Better duplicate SID handling in multi forest/domain analysis, option to not import CNF (conflict) objects from AD (default = don't import) (Lars Karlslund)
bab7b46: Fix for weird blank page problem when selecting a new predefined query (Lars Karlslund)
6a2b197: Collect ProductType and ProductSuite from registry (Lars Karlslund)
9729985: Icons for executables (Lars Karlslund)
81e463b: Timeout for CPU profiling (Lars Karlslund)
41421ab: Reworked how merging works, integrated UniqueSource into the main engine (Lars Karlslund)
298c654: Missing experimental stuff for attributes (Lars Karlslund)
4be4563: Changed some logging output, more correlation from GPOs, multi-level search function for objects, collector grabs scheduled task information and other goodness (Lars Karlslund)
f2cd313: Upgrade auto-builder to Go 1.18 (Lars Karlslund)
195fb65: Isolate taskmaster package to localmachine collector, to enable other OS builds again (Lars Karlslund)
68048f4: Added a bunch of omitempty to localmachine structs (Lars Karlslund)
85fc7e3: Added command and arguments for ScheduledTask collection (Lars Karlslund)
2ff1546: Fix for testing missing SID filtering message, re-read the docs, this seems more correct. Only gives log output for now. (Lars Karlslund)
6f7022a: Added more privileges to enumerate members of (Lars Karlslund)
2ee1f2c: DACL and Owner for Scheduled Task executables (Lars Karlslund)
dea4442: SysInternals AD Explorer snapshot support (Lars Karlslund)
1fa5d4f: Implemented default FML for pwns (Lars Karlslund)
e2eab58: Fixed GPO collection for objects that come from AD Explorer (Lars Karlslund)
367f080: Moved group membership resolution based on DNs and object Members() calls to after merge, in order to fix parent-child setups (Lars Karlslund)
093e807: sidHistory attribute decoded as SID (Lars Karlslund)
6cfb28f: Attribute type fixes, AD Explorer conversion fix for "bool" (Lars Karlslund)
6f0c723: AD Explorer conversion fix for "bool" datatype (wasn't included in last commit) (Lars Karlslund)
c95cbd6: Fix for NonExistingAttribute in queryparser (Lars Karlslund)
f93e48f: Removed some false positives where there was a DENY ACE pointing to a group that a later ALLOW ACE was member of (Lars Karlslund)
12d9ac7: More robustness if RootDSE doesn't return all the attributes we expect (Lars Karlslund)
3dd0f7b: Naming conventions fix for well known SIDs (Lars Karlslund)
f1fa2f6: Reworked indexes, merging and deduplication of dual-loaded distinguishedName objects - also CNF and DEL objects are not loaded default now (Lars Karlslund)
e65aed6: Fix for merge-but-then-add-anyway problem (Lars Karlslund)
936dd44: Support for matching on multiple attributes in query by glob matching on attribute names (*=thedudeabides) (Lars Karlslund)
1aaff27: Fix for AdminSDHolder analyzer in multi-domain analysis (Lars Karlslund)
7fd7577: Fixes for Absorb, changed from slice to map for member/memberof, also Go 1.18 requirement due to generics (Lars Karlslund)
d877dcb: Data corruption fix for bug that affected last attribute being set in setFlex (Lars Karlslund)
699e656: WSUS host server collection from localmachine and added edge "patches" for attack path analysis (Lars Karlslund)
8923752: Typo fix (Lars Karlslund)
610c12f: Added combined WSUS/SCCM edge as "ControlsUpdates" (Lars Karlslund)
6e50c67: Resolve GPO group assignments that contain %Computername% etc. in them to the real groups (Lars Karlslund)
777c584: Reduced output on many missing groups when resolving from %Computername% (Lars Karlslund)
94eb7bb: Fixed the since and timediff query modifiers (Lars Karlslund)
16bb4a8: Updated readme file with new screenshots and more relevant information (Lars Karlslund)