# MAAD-AF Azure AD Recon

This module will cover the first module in the MAAD-AF Attack Arsenal,
`Recon Connected AzureAD Environment`.  This module allows an attacker to
perform some basic recon on the environment they are connected to. Some of this
information can be used by an attacker to launch future attacks.

The `Recon Connected AzureAD Environment` Attack Arsenal module has several sub-
modules which allow for collecting different types of information based on the
compromised account's access and privilege level.

## Module Overview

1. From the main Attack Arsenal menu, enter `1` for `Recon Connected AD
   environment`.  This will present the attacker with a manue of sub-modules, as
   shown below.

   ![MAAD Recon AD Module](images/maad_recon_ad.png)

2. From the new menu, select option `1: Retrieve Current Session
   Information`.

   This will return information about the current session, such as the account,
   tenant information, etc.

   ![MAAD Tenant Info](images/maad_tenant_info.png)

3. Explore other recon options from the menu.  Note the types of information
   they produce based on the compromised account's access level.

   Once done exploring, enter `0` to return to the main MAAD-AF Attack
   Arsenal menu.

   ## Validation

   Note the tenant ID from the output of `1: Retrieve Current Session
   Information`.