Modern Technology Solutions, Inc.
Our LinkedIn Group: OISF at LinkedIn
Food and drinks served
A brief overview of the Ohio Information Security Forum.
As a pentester I work with customers to identify their goals and expectations of an internal assessment. Generally, these goals and expectations boil down to, ‘what is the risk of an attacker with access to the internal network achieve?’. We typically consider an attacker without any access, or an average user being able to elevate their privileges to Domain Administrator (DA) as full compromise. Surprisingly, most of the internal assessments I’ve done are composed of a several steps to achieve DA access.
In this presentation I will walk through those steps and show what can be achieved when a user has no access to the network. Starting with gaining access to a user account and then latterly moving through the network to compromise Active Directory (AD).
I’ve worked in most areas of Information Technology for the past twelve years, most recently hacking all the things.