Network defenders are often not armed with the right information to fix critical permission issues and general misconfigurations within Active Directory (AD). 

Many of these flaws lie dormant in the network for 10+ years until either an attacker or pentester takes advantage of them. This is because these flaws don’t appear in security checklists or vulnerability scanner output, and working through those alone can be a daunting task for a large enterprise.

We often get in the mindset of “needing to fix what the tool tells us,” and if it’s not a critical or high-impact flaw coming out of a vulnerability scanner, it just isn’t addressed. 

This leaves network defenders with an incomplete picture of their network’s security posture.

At BreakPoint Labs, we understand the importance of bridging the gap between offensive and defensive security practices. That’s why we’re excited to share insights from Andrew McNicol’s recent presentation at BSidesCharm 2024, where he offered defenders a unique attacker’s perspective on Active Directory (AD) environments.

During the presentation, Andrew introduced a game-changing tool developed by BreakPoint Labs called Ad-recon, which automates numerous complex Neo4j Cypher queries against BloodHound data.

Ad-recon is a tool designed to quickly triage BloodHound data (a run takes ~2-4 seconds to a few minutes, depending on switches and data size) and identify numerous security issues within the AD environment.

Andrew’s talk dives deep into each query Ad-recon performs, shedding light on the significance of the findings and discussing them from both attacker and defender perspectives. 

Additionally, Ad-recon allows for customization, enabling users to print and modify queries for use in their own environments, whether via code, the Neo4j interface, a Cypher-Shell query, or the BloodHound GUI.

Discover how to fortify your AD defenses with insights directly from the front lines.

Watch Andrew McNicol’s full presentation here:

About BreakPoint Labs

BreakPoint Labs, a technically proficient, mission-focused cybersecurity service provider, is dedicated to delivering the methods and means for sustainable, measurable, and effective cybersecurity operations. 

Powered by highly motivated, experienced cybersecurity professionals, BreakPoint Labs is developing and leveraging technology to enable a more secure cyberspace. 

With well-formed service delivery models in cybersecurity risk assessments, defensive cyber operations, and cyber research and development, underpinned by CMMI® for Services (CMMI-SVC) Level 3 and ISO 9001:2015 corporate certifications, BreakPoint Labs supports a diverse client base in addressing its most challenging problems in the cyber defense domain.

Contact us today for a free cybersecurity assessment consultation.
