Adalanche Versions Save

Commits

• 500ba64: Added targets for OSX M1 and Linux arm64 (Lars Karlslund)
• 973df0f: Disabled users did not render properly on graph (Lars Karlslund)
• 804c55e: Fix for not routing through reset password for disabled accounts by setting probabiility to -1 (Lars Karlslund)
• e6f1a86: Upgraded LDAP module and minor adjustments to CLI processing, added LDAP debug mode (Lars Karlslund)
• 8975ef0: Documented NTLM bug in the readme (Lars Karlslund)
• 50e128f: Added some auto-cleverness to SetFlex (Lars Karlslund)
• 70d4a41: Merge remote-tracking branch 'origin/master' (Lars Karlslund)
• 45918f4: Honor ignoreblanks for SetFlex in string slices (Lars Karlslund)
• 976c301: Fixed deadlock (Lars Karlslund)
• 44e0c3e: Added backlinks analysis option in GUI (Lars Karlslund)
• 9793934: Refactored loaders, so each loader can return multiple Objects collections, added optional merge function override analysis functions, added PwnsEx for forced pwns, foreign identities are not merged but linked together now, fixes for SID class (Lars Karlslund)
• cdaa735: Added subquery matching for _canpwn and _pwnable - sample: (_canpwn=DCsync,(distinguishedName=dc=something,dc=local)) (Lars Karlslund)
• 10966c7: Added pwns to Domain Controllers for members of Administrators, Remote Desktop Users and Distributed DCOM Users (Lars Karlslund)
• 822840a: Added Foreign-Security-Principals to "Everyone" and "Authenticated Users" groups (Lars Karlslund)
• 852287f: Added object dump functionality without the ACL details (Lars Karlslund)
• 5006a78: Commented code that produced logging stuff that slipped into a commit (Lars Karlslund)
• 9d28149: Fix for subquery parsing and added predefined search for DCsync (Lars Karlslund)
• 1399a6f: Optimized object label function performance (Lars Karlslund)
• 0e27e3a: Reorganized query resolvers a bit and fixed a bug with time handling in :since: modifier (Lars Karlslund)
• 8b342d0: Changed AD object ingestion so a timestamp with value 0 will result in it being an integer, not a time.Time (was correct in my use case but might be ugly later on) (Lars Karlslund)
• 843b4fe: Fixed DCsync detection in some scenarios (Lars Karlslund)
• 48f7f5d: Merged naming of pwns for local admin, RDP and DCOM (Lars Karlslund)
• 948d56e: Added Enterprise Domain Controllers group membership for DCs (Lars Karlslund)
• 1bb651a: Added DNS icon for DNS nodes and changed color on right click node menu (Lars Karlslund)
• b3ecd2f: Upgraded some javascript libraries (Lars Karlslund)
• 4ad7800: Switch from fatal to warning for Creator Owner AD fixup when analyzing .... different things only ;) (Lars Karlslund)
• e508d8e: Fix for autodetection logic in CLI (Lars Karlslund)
• e3d8392: Add warning for GPO collection if no files are actualy collected (hints to maybe running collection as Domain Admin) (Lars Karlslund)
• 8601189: GPO file permission analysis added, bugfix for local machine file permissions analysis (Lars Karlslund)
• 7c1183d: SID object bugfix for embedded length (Lars Karlslund)
• 7a06fb3: Fixed object merges does not cross forests, creates synthetic Foreign-Security-Principals, and returns better results for cross forest takeovers in graph. It's a beast of an update! (Lars Karlslund)
• f1f9c02: Improved cross forest object joins, added icon for foreign security principals, merge validator functions implemented (Lars Karlslund)
• ab904ae: Fix for memberOf being a virtual attribute that doesn't exist on Foreign-Security-Principal. Now adalanche uses both member and memberOf to calculate group memberships (Lars Karlslund)
• c1a2e5e: Dynamic object types and support for having them defaulted on or off in UI (Lars Karlslund)
• 9f9d1f8: Fixed graph depth filtering, and prepared for fuzzball-factor parameter (Lars Karlslund)
• 33d0b22: Debug stuff removed (Lars Karlslund)

Commits

• bc91a53: Linting fixes - struct reordering - code simplification - minor version package changes - objectclassguid regression fix (whoops!) - moved some attributes to more appropriate packages (Lars Karlslund)
• 7c53997: Added an anonymizer for the graph display, which scrambles characters randomly (Lars Karlslund)
• 43a5914: Changed wording in readme, since some people are deliberate assholes (Lars Karlslund)
• 73af46e: Various improvements (Lars Karlslund)
• 2b742f4: Fix for Absorb that deadlocks when two objects are in the same lockbucket (Lars Karlslund)
• 08d662a: Program name output fix (Lars Karlslund)
• de15566: Fixed a long standing bug in ACL parsing (padding was not respected) (Lars Karlslund)
• 4a17008: Fixed problem with local users that are deleted since they logged in (Lars Karlslund)
• 66b8180: MAX_IMPORTED is broken, so it's been disabled for now. (Lars Karlslund)
• 365543e: Minor locking fixes, wording about collecting data (Lars Karlslund)
• 55b3b21: More auto goodness - queryies RootDSE for contexts available and collects from those available. Everything is now set to "auto". If you have parent child domains, just point to a server in each domain and everything else should work by itself. (Lars Karlslund)
• b472b3e: Various error message formatting (Lars Karlslund)
• 3fc7c0f: Added Len method to objects (Lars Karlslund)
• 2487425: Merge branch 'master' of https://github.com/lkarlslund/adalanche (Lars Karlslund)
• 703b988: Fix for local html override, where assigning a wrong path makes the webservice use neither the built in nor the local files (Lars Karlslund)
• d54bd1d: Merge remote-tracking branch 'origin/master' (Lars Karlslund)
• 45bc999: Reorganized webservice, fixes for progressbar, (Lars Karlslund)
• 4eb78ae: Refactored some functions around object properties, prioritized loading of larger files before smaller filers (Lars Karlslund)
• 1023340: More work on making the webservice expandable, and fixed an iteration problem for attributes that are set on an object (Lars Karlslund)
• 0a06d8d: Fixed permissions when adalanche creates the data folder (Lars Karlslund)
• 45baea8: Added recognized extensions to the readme (Lars Karlslund)
• a2483ff: Minor fix for datapath (Lars Karlslund)
• 10ac952: Changed RootDSE filename to omit server name (Lars Karlslund)
• a0c64fa: Added UI for "prune island nodes" graph option (Lars Karlslund)
• 81f9141: Improvements for pwn analysis CreateComputer and CreateUser (Lars Karlslund)
• efc9064: Fix for method filtering in the LDAP queries using _pwnable and _canpwn synthetic attributes (Lars Karlslund)
• 2e5fa20: Merge remote-tracking branch 'origin/master' (Lars Karlslund)

Commits

• 8fbe94b: Shows version in web GUI, better presentation of welcome popup in GUI (Lars Karlslund)

Latest and greatest.

Major changes are coming, which could introduce some breakage, so I'm releasing this as the last of the old generation.

General improvements

Brand new and hot - like the summer

• integrated NTLM auth on the Windows platform
• on Windows - just run the executable - couldn't be easier
• more predefined searches
• added "Authenticated Users" group and "Everyone"
• understands that GPOs can affect users and computers
• Github actions, so every commit will result in a compiled version under artifacts

adalanche can now read password from the console, so you don't have to enter it on the commandline added commit hash to executables released, and auto setting these in the binary at build time

A bit rough in the edges release