What is the Autodiscover service in Exchange and how can it be used in penetration testing?
Autodiscover is an Exchange service that automatically configures client applications such as Outlook, so the user only has to supply an email address and password. During penetration testing, once you have email user credentials, you can use Autodiscover to brute-force passwords (via NTLM authentication), read configuration information (including the domain controller's computer name), and access Exchange mail resources such as the Global Address List. This makes it a valuable tool for lateral movement and information gathering. For more details, see the original article "Penetration Basics - Using Exchange Autodiscover".
Autodiscover, Exchange, NTLM authentication, password brute-forcing, penetration testing