v2025.2.6

@github-actions github-actions released this 06 Feb 17:50

Commits

  • a9293e2: Partial fix for AD Explorer imports (fixes negative offsets) (Lars Karlslund)
  • cfe2e91: Hexify unreadable binary outputs and truncate long values in details view of webinterface (Lars Karlslund)
  • 89325b8: Re-added Foreign-Security-Principal type and fixed InheritsSecurity, sigh (Lars Karlslund)
  • 69a66ad: Parsing of msPKIRoamingTimeStamp (Lars Karlslund)
  • afdcf7e: Slice out of bounds fix (Lars Karlslund)
  • 706eb3b: Created DCsync node, switched from meta attributes to a single "tag" attribute, removed debug code, a few more privs to localmachine leading to nowhere (Lars Karlslund)
  • d36f0b6: First attempt at NTDS.DIT reader - timestamps and objectClass are still not working (Lars Karlslund)
  • 2cf6bab: Minor fixes (Lars Karlslund)
  • 270b8ad: Added specific service SID objects to local machine services (Lars Karlslund)
  • c47aad0: Fixed probabilities for regular sync edges, they're just informative (Lars Karlslund)
  • 34780b3: Temporarily disabled a webservice call (Lars Karlslund)
  • cacbfb2: Servicepoint, renamed variable, added NTDS debug dump (Lars Karlslund)
  • 183037f: KerberosCache pre-check fix (Lars Karlslund)
  • 3d21b58: Removed non working SACL parsing that wasn't in use anyway (Lars Karlslund)
  • c1987cd: Minor fixes for cli help (Lars Karlslund)
  • 91b2607: Upgraded go-ese and flushes file when dumping NTDS.DIT - still not working but much closer now (Lars Karlslund)
  • a860283: Commented RIDs (Lars Karlslund)
  • 906f733: Ignore certs for StartTLS fixed (Lars Karlslund)
  • b6cad76: Better attempt at Kerberos Cache authentication (Lars Karlslund)
  • 9d8a381: More verbosity when dumping AD (Lars Karlslund)
  • 5754486: Check AD Disconnect error (Lars Karlslund)
  • 2eecacd: Kerberos cache now works (Lars Karlslund)
  • dd6a32f: Minor lint fixes in AD Explorer import (Lars Karlslund)
  • 2847453: Switched to gin http router (Lars Karlslund)
  • 7bb60bb: Switched EdgeConnectionsPlus to using Gonk as backend, since this is stable now (Lars Karlslund)
  • 5a023f3: Fixed the binary icon (Lars Karlslund)
  • d68e991: Semi-collapsed options panel doesn't shadow the graph (Lars Karlslund)
  • c2c0dbc: Moved query tooltips to only show when hovering the tab (Lars Karlslund)
  • 3c5c054: Added native Windows LDAP collection for Windows builds (Lars Karlslund)
  • 0e3f23b: Remove unneeded package (Lars Karlslund)
  • 64df70c: Removed unnecessary C import and thread locking (Lars Karlslund)
  • 6ae8271: Switch gin router to release mode (Lars Karlslund)
  • 7202f82: Upgrade github actions and switch to Go 1.22 (Lars Karlslund)
  • 4174f46: Fix predefined queries hides behind the about box on launch (Lars Karlslund)
  • f9134f8: Various fixes to predefined queries after switching from custom attributes to tags (Lars Karlslund)
  • 1cea88e: Fixed inactive accounts icons (Lars Karlslund)
  • 7bdd945: Switched from AbortWithError to String, as gin doesn't output the error when calling the abort function (Lars Karlslund)
  • 3ab9960: Fix for accounts missing the accountExpires attribute (Lars Karlslund)
  • 5ebf4c0: A slew of fixes and optimizations (Lars Karlslund)
  • 990e3ff: Merge branch 'master' of github.com:lkarlslund/adalanche (Lars Karlslund)
  • 0370048: Updated gonk to latest version to match interface changes (Lars Karlslund)
  • bbfd29f: Fix go.sum, sigh (Lars Karlslund)
  • 7774681: Proper gonk upgrade (Lars Karlslund)
  • f1573f2: Fix for GoBytes assumption on incoming slice length (Lars Karlslund)
  • 7b16762: Made the localcollector technically buildable on other platforms, but without functionality for now (Lars Karlslund)
  • 39b8b5f: Visually identify outer nodes in graph with blue (Lars Karlslund)
  • 3a5ba59: Minor changes (Lars Karlslund)
  • 50666c3: Fallback to finding SCCM machine via "name" if "dnshostname" fails (Lars Karlslund)
  • f3157ab: Naming convention fix for "pwn" to "edge" between frontend and backend (Lars Karlslund)
  • 28e22db: Update Halfmoon UI to 2.0.2 (Lars Karlslund)
  • 1dc0a1a: Added https support, experimental native Windows Cert Store support (not tested), moved a lot of the backend API URL paths, switched Twitter link to X, added support for all commandline flags in configuration.yaml file in datapath, processing can now load from multiple paths, other minor things (Lars Karlslund)
  • 1cf673c: Minor javascript bugfix (Lars Karlslund)
  • 53b5255: Collector entrypoint is now in main code, building variants using build tags (Lars Karlslund)
  • 86b82e6: Log panic mode now passes message (it's not used though) (Lars Karlslund)
  • 073cc1f: Added FreeBSD and OpenBSD binary builds (Lars Karlslund)
  • c432ec4: Generalized builder binary (Lars Karlslund)
  • c56603d: The dedicated collector binary defaults to doing collection if no parameters are supplied (Lars Karlslund)
  • 9b92f4b: Bump requirements in go.mod (Lars Karlslund)
  • fb4cae9: Fix backend API url for progress (Lars Karlslund)
  • 7b931c2: Updated readme to reflect global / vs command options. (Lars Karlslund)
  • e9c5062: Moved pre-defined queries to code, added persistence database, changed incoming query parsing functions (Lars Karlslund)
  • 14f5803: Added missing bbolt (Lars Karlslund)
  • 8da5ec4: Various fixes (Lars Karlslund)
  • babd9ff: Added ESC15 detection (Lars Karlslund)
  • 8c04e35: Workaround for missing in-progress function (Lars Karlslund)
  • 56ca6cd: Modified edge probability calculator function signature (Lars Karlslund)
  • 6d9432a: Configuration load failure is just a debug message (Lars Karlslund)
  • cc158b4: Added LAPS v2 detection, predefined query for RODCs, tagged RODCs, various query fixes (Lars Karlslund)
  • f8c194a: More LAPS (Lars Karlslund)
  • 7d1d4da: Move various registry collection from localmachine to dedicated functions, making more registry keys easy to add (Lars Karlslund)
  • 6f7f0cc: Powershell script to install various prereqs for working with Adalanche code (Lars Karlslund)
  • 4a7ba88: Renamed "analyze" module to "frontend" and added AQL (Lars Karlslund)
  • 98c946e: Various minor fixes (Lars Karlslund)
  • 0da73ce: Add source/target colors by using AQL references (Lars Karlslund)
  • 9684c73: Fix query definition struct JSON tag (Lars Karlslund)
  • 7dff523: Add positioning to new windows in UI (Lars Karlslund)
  • 67ae2ac: Add toasts and icons, save and delete of queries (Lars Karlslund)
  • 097a132: Save/delete JS fix (Lars Karlslund)
  • 950b497: Refactored FileExists to PathExists (Lars Karlslund)
  • cdcd40c: Improved NTDS.DIT import, since multi value reads are now possible from ESE databases, changed how regular domain and server autodetection works (Lars Karlslund)
  • 8cf55bc: Tweaking domain autodetection, sane port defaults, generic registry function, various other minor changes (Lars Karlslund)
  • 8974f81: Re-enable node position randomization (Lars Karlslund)
  • 3d50682: Added LDAP object count log output and option for using an obfuscated query (Lars Karlslund)
  • 58d4067: Windows LDAP compile fix (Lars Karlslund)
  • 460c6aa: Fix json mapping for ResolverOptions from UI (Lars Karlslund)
  • 5b4f302: Progress websocket improvements, lots of struct reordering for memory and performance optimizations, reimplemented attributevaluemap completely (Lars Karlslund)
  • 8d87dfd: Integrated unique.Handle into AttributeValue for deduplication efforts, optimized comparisons a bit (Lars Karlslund)
  • 12c8ec6: Got rid of my own stringdedup package, moved names before ldap query in nodefilter, moved order by, limit, skip after ldap query in nodefilter, fixed limit/skip, optimized case sensitive searches in node filtering, renamed "Sample AQL Queries" to "AQL Queries", fixed lexer problem (Lars Karlslund)
  • 7920968: Move AQL endpoints to API prefix (Lars Karlslund)
  • f3fd3ff: Make "Local Machine" dataLoader name more sensible (Lars Karlslund)
  • 596a0ee: Wrong endpoint update fix (Lars Karlslund)
  • 55e2f54: Fixed predefined queries for new AQL format (Lars Karlslund)
  • ee0ba66: Various fixes and GC pressure experiments (Lars Karlslund)
  • bda26cb: Defer progressbar finish (Lars Karlslund)
  • 17c4189: Export collector command definition (Lars Karlslund)
  • 8a60300: Temporary fix for defaulting to dark mode, until the toggle is properly sorted out (Lars Karlslund)
  • e57f18c: Added requireData to AQL validatequery and analyze API endpoints (validatequery requires us to know what attributes exist) (Lars Karlslund)
  • fa86cca: Memory allocation optimization when encoding attributes (Lars Karlslund)
  • 8e04d60: Added automaxprocs for proper CPU count under Docker etc (Lars Karlslund)
  • 1d948a1: Structs decoding updated, and switched to sonic decoder (Lars Karlslund)
  • f1f33f4: Whoops, forgot to remove the dedicated easyjson code (Lars Karlslund)
  • 6e093d6: Come to the light side, we have graphs (light/dark mode support) (Lars Karlslund)
  • 4127c60: Changed PathExists to return true if we can stat an item (Lars Karlslund)
  • eec2f99: Changed auto-cert loader a bit (Lars Karlslund)
  • b727786: A bit more verbosity when loading the configuration.yaml file (Lars Karlslund)
  • b02e80f: Minor frontend improvements (Lars Karlslund)
  • 0274333: Exported the localmachine Cobra command item (Lars Karlslund)
  • 0aae40e: Merge branch 'master' of https://github.com/lkarlslund/adalanche (Lars Karlslund)
  • aa17245: Merge remote-tracking branch 'origin/HEAD' (Lars Karlslund)
  • 9ae7ea1: Merge (Lars Karlslund)
  • 7ebfc40: Remove mutexes (Lars Karlslund)
  • cb5ab8b: Just hardcode the obfuscated query, this will be removed soon anyway (Lars Karlslund)
  • 785695a: Error message fix (Lars Karlslund)
  • a9a3522: Trying flow tracking in results (Lars Karlslund)
  • 419b397: Less aggressive memory settings (Lars Karlslund)
  • 418e1fc: Acyclic fix (Lars Karlslund)
  • c169c9c: AQL zero length edge requirement fix (Lars Karlslund)
  • 81397fe: Added fgprof profiling support (Lars Karlslund)
  • 6b0fe0c: Fix build script, experiments with building collector on older go, but needs its own repo (Lars Karlslund)
  • 67bd5d8: Fix for the progressbar UI javascript (Lars Karlslund)
  • 978acea: More marginalized query box (Lars Karlslund)
  • f7e304e: More proper array check (Lars Karlslund)
  • 7c0bf75: Better maxprocs settings when analyzing (Lars Karlslund)
  • 3799533: Fixed wrong declaration of ui.Logger.Msgf (Lars Karlslund)
  • 664bd25: Redesigned UI preference backend storage (Lars Karlslund)
  • 2d14f97: AQL intermediate node requirement fix (Lars Karlslund)
  • 0ee3de9: Pop in-out arrows in UI (Lars Karlslund)
  • 2f47b52: Added support for AQL queries without edges (Lars Karlslund)
  • 3671804: Moved computer->machine object creation to early stage of processing, and setting role-domaincontroller to hvt (Lars Karlslund)
  • dd938d5: Merge branch 'master' of github.com:lkarlslund/adalanche (Lars Karlslund)
  • cc4c12c: Removed some old GC statistics (Lars Karlslund)
  • 657cbd0: Boost threadbuckets for object merging (Lars Karlslund)
  • e6dba54: Overall progressbar on UI when starting up, gave up on parallelizing the final merge, moved tools buttons to the options pane (well ...), various js fixes (Lars Karlslund)
  • 22b189a: Package downgrade (Lars Karlslund)
  • c6f6026: Missing go.mod entry (Lars Karlslund)
  • 6128767: Fixed machine regression, changed GC pressure back to 100 (Lars Karlslund)
  • dce7eab: Go.mod tidy (Lars Karlslund)
  • 0e73de1: Implement node limiter while merging results in parallel calls under the AQL resolver (Lars Karlslund)
  • affc912: Fixes for saving radio button preferences (Lars Karlslund)
  • a07a7a3: Reduced warnings the correct way (Lars Karlslund)
  • 2732612: Moved preferences.js to the right place (Lars Karlslund)
  • a37809d: Fixed a problem with downlevel account names in GPOs (Lars Karlslund)
  • 3ef21ac: Added GC runs between each stage of loading and processing (Lars Karlslund)
  • 4d4dc76: WIP for new docs (Lars Karlslund)
  • f4647e3: No more, Adrian (Lars Karlslund)
  • bacb857: Switch UI progress update to polled when using HTTPS because for some reason it doesn't work even though it should (Lars Karlslund)
  • 588afdc: Readme contact info update (Lars Karlslund)
  • 3a4e765: Indicate no caching for any API responses to browser (Lars Karlslund)
  • eac26ae: Fix toast and hide busystatus if backend has no data loaded when using UI to submit query (Lars Karlslund)
  • ca5a186: Reorder some JS stuff to fix an error (Lars Karlslund)
  • 3046740: Refactor ReferenceName to just Reference (Lars Karlslund)
  • 4edc801: I love javascript and javascript loves me (Lars Karlslund)
  • f711b2f: Drop query obfuscation, but allow user to supply their own (Lars Karlslund)
  • 109920a: Documentation work (Lars Karlslund)
  • 2a34096: Add sane probability defaults to AQL parser (Lars Karlslund)
  • 2231d45: Various frontend cleanup and changed rendering of static files (Lars Karlslund)
  • e563582: Fix theme problem for some colors (Lars Karlslund)
  • 448a62c: Moved documentation to under frontend html folder for online docs usage (Lars Karlslund)
  • 5ba3352: Added the one query to rule them all (Lars Karlslund)
  • 6d3adfc: Added MarkDown rendering support (Lars Karlslund)
  • d09c3c1: Moved images to docs folder (Lars Karlslund)
  • 8b1283e: Icon location fix (Lars Karlslund)
  • 74c39b2: DC to DCsync call was reversed (Lars Karlslund)
  • 786b86f: More precise targeting for TOQTRTA (Lars Karlslund)
  • a7fde61: Updated CytoScape, interact.js, lots of MD work + CSS, UI fixes and improvements, tags on local users (Lars Karlslund)
  • 52163b4: Merge branch 'master' of github.com:lkarlslund/adalanche (Lars Karlslund)
  • 33b337b: Docs location fix in readme (Lars Karlslund)
  • 0eb3a47: Fix icons in docs + remove symlink (Lars Karlslund)
  • 5584581: Logo fix for GH (Lars Karlslund)
  • 88aafbc: EdgeBitmap Range (Lars Karlslund)
  • 6498b5c: Backend stuff for new node / edge rendering (Lars Karlslund)
  • ec2e1de: WIP for UI improvements (Lars Karlslund)
  • 4c7996d: More UI work (Lars Karlslund)
  • f1bb40d: Direct edge getter on Object (Lars Karlslund)
  • d653232: Better consistency on tags with only underscores (Lars Karlslund)
  • 31fe774: IsASCII to IsPrintable + API for highlighting nodes (Lars Karlslund)
  • 497eb99: Improved docs UI, highlight nodes fix, more work on docs (Lars Karlslund)
  • f8bcd53: Better readme screenshot (Lars Karlslund)
  • bef496c: Docs and readme update (Lars Karlslund)
  • 0052903: UI work, multiple windows for nodes/edges (Lars Karlslund)
  • e153211: Switched from halfmoon to pure bootstrap 5.3.3 (Lars Karlslund)
  • 638db63: Input glow css fix (Lars Karlslund)
  • 05e9dc9: Finally got number inputs right aligned :-) (Lars Karlslund)
  • 4f225c3: Proper close window icon (Lars Karlslund)
  • 8bd80fd: Map probability to color (Lars Karlslund)
  • b06a8e6: Better AQL docs (Lars Karlslund)
  • 309f8fa: Fix right click "Who can reach this node" (Lars Karlslund)
  • 61fb380: Minor performance tweak in graph search (Lars Karlslund)
  • 6d23652: More theming and preferences events fixes (Lars Karlslund)
  • f08da28: Fix user overriding the default query (Lars Karlslund)
  • a634078: Documentation CSS improvement (Lars Karlslund)
  • cb4444f: Modifier parsing fix (Lars Karlslund)
  • ce39de9: Query direction for kerberoast (Lars Karlslund)
  • cc6a79d: Preferences UI fixes (Lars Karlslund)
  • 1e0a328: UI icon fix (Lars Karlslund)
  • ae74d9a: Switch output type to attribute in Cytoscape JSON (Lars Karlslund)
  • c2ff8b3: Fix for a few queries that were semi-directionless (Lars Karlslund)
  • f6ef22a: Internal type map updated, not in use yet though (Lars Karlslund)