Discovery with ADRecon

by Ricardo Reimao

In this course, we cover the ADRecon tool, which allows you to extract valuable information from the Active Directory, including users, security groups, computers, security policies, and even Kerberos tickets.

What you'll learn

The Active Directory of a company is a valuable source of information for a red team specialist. In there, you can find information about the users, computers, and even security policies. In this course, Discovery with ADRecon, you will learn about ADRecon, developed by Prashant Mahajan, which enables red team specialists to generate interesting reports from the Active Directory of a target company. First, you will discover the importance of the Active Directory data in a red team engagement and how this data can help you in further attacks. Then, you will see how to use ADRecon tool to extract data from your client’s Active Directory and generate a complete report about the environment. Finally, you will explore how to perform a Kerberoast attack using the ADRecon tool, in which you will gather hashed credentials from the Active Directory and crack them using Hashcat. When you are finished with this course, you will have the skills and knowledge to extract valuable information from the AD and plan your next attacks. This course covers five important tactics from the MITRE ATT&CK Framework: Password Policy Discovery (T1201), Permission Groups Discovery (T1069), Account Discovery (T1087), Data from Information Repositories (T1213) and Kerberoasting (T1208).

About the author

Ricardo is a Cybersecurity Consultant based in Toronto (Canada). He has 14+ years of IT experience, 10 of them in the IT Security field. His main interests are: SIEM solutions (IBM QRadar), Enterprise Security Risk, Penetration Testing, Security processes/procedures and Network Security.

Ready to upskill? Get started