Titanium Sponsors
Inquest
Platinum Sponsors
Leonardo DRS
Gold Sponsors
Modern Technology Solutions, Inc.
University of Dayton
Department of
Computer Science
Gluware
Social Media
Our LinkedIn Group: OISF at LinkedIn
OISF on YouTube: OISF on YouTube
Tweets by @oisf
Meeting Agenda - October 13th, 2016
13th October 20166:00pm:
Food and drinks served
Introduction
A brief overview of the Ohio Information Security Forum.
A Day in the Life of a Pentester
By: Robert Stewart, Security Analyst @ Rapid7
Abstract
As a pentester I work with customers to identify their goals and expectations of an internal assessment. Generally, these goals and expectations boil down to, ‘what is the risk of an attacker with access to the internal network achieve?’. We typically consider an attacker without any access, or an average user being able to elevate their privileges to Domain Administrator (DA) as full compromise. Surprisingly, most of the internal assessments I’ve done are composed of a several steps to achieve DA access.
In this presentation I will walk through those steps and show what can be achieved when a user has no access to the network. Starting with gaining access to a user account and then latterly moving through the network to compromise Active Directory (AD).
Bio
I’ve worked in most areas of Information Technology for the past twelve years, most recently hacking all the things.
Group Discussion
By: Everyone