
URL: https://www.helpnetsecurity.com/2024/01/15/adalanche-open-source-active-directory-acl-visualizer-explorer/
Submission: On January 16 via api from TR — Scanned from DE

Mirko Zorz, Director of Content, Help Net Security
January 15, 2024


ADALANCHE: OPEN-SOURCE ACTIVE DIRECTORY ACL VISUALIZER, EXPLORER



Adalanche provides immediate insights into the permissions of users and groups
within an Active Directory. It’s an effective open-source tool for visualizing
and investigating potential account, machine, or domain takeovers. Additionally,
it helps identify and display any misconfigurations.


WHAT UNIQUE FEATURES MAKE ADALANCHE STAND OUT?

“The best feature is the low user effort to get results. Adalanche has no
prerequisites, doesn’t require you to install it, runs on the three major OS
platforms natively, and will give you (probably surprising) results within
minutes – even as a regular non-admin user,” Lars Karlslund, the creator of
Adalanche, told Help Net Security.

“The visual attack graph representation of your Active Directory pops up in your
browser, and you can explore things from there. The more data you add, the more
insights you get: if you run the open-source Windows collector, you get local
accounts, groups, services, file/registry permissions, etc., from both
workstations and servers in the graph.”



The screenshot above showcases the search for Domain Controller machines and who
can successfully reach them. In this example, a user called samwell.tarly has
permission to take ownership of a GPO that is applied to a Domain Controller –
and on the left, you can see some admin put the plaintext password in the
description field.

This is a synthetic example, but these things pop up when doing Active Directory
analysis, even for huge companies. The attention to detail is just super
important but is often forgotten because people think, “This is too simple to be
true.”

“The open-source version has just gotten a UI overhaul, new edges, several bug
fixes, and improved search capabilities. A member of the hashcat cracking team
suggested that I add word export for use with password audits, so that’s also a
recent addition. Right now searches are based on LDAP query syntax, but I want
to do a real graph query language for Adalanche. Some minor UI bugs need
improvement,” Karlslund concluded.


DOWNLOAD ADALANCHE

Adalanche collects information from Active Directory or local Windows machines
and can then analyze the collected data. If you’re only doing Active Directory
analysis, grab the binary for your preferred platform. Later, you can deploy the
dedicated collector .exe for your Windows member machines via a GPO or other
orchestration and get even more insight.

This repository provides sample data from the Orange Cyberdefense lab Game of
Active Directory project. It is a vulnerable Active Directory lab comprising 5
Windows machines (three DCs across two forests) and two Windows servers.



More open-source tools to consider:

 * AuthLogParser: Open-source tool for analyzing Linux authentication logs
 * DriveFS Sleuth: Open-source tool for investigating Google Drive File Stream’s
   disk forensic artifacts
 * Subdominator: Open-source tool for detecting subdomain takeovers
 * EMBA: Open-source security analyzer for embedded devices
 * Nemesis: Open-source offensive data enrichment and analytic pipeline
 * SessionProbe: Open-source multi-threaded pentesting tool
 * Mosint: Open-source automated email OSINT tool
 * Vigil: Open-source LLM security scanner
 * AWS Kill Switch: Open-source incident response tool
 * PolarDNS: Open-source DNS server tailored for security evaluations
 * k0smotron: Open-source Kubernetes cluster management
 * Kubescape 3.0 elevates open-source Kubernetes security
 * Logging Made Easy: Free log management solution from CISA
 * GOAD: Vulnerable Active Directory environment for practicing attack
   techniques
 * Wazuh: Free and open-source XDR and SIEM
 * Yeti: Open, distributed, threat intelligence repository
 * BinDiff: Open-source comparison tool for binary files
 * LLM Guard: Open-source toolkit for securing Large Language Models
 * Velociraptor: Open-source digital forensics and incident response




