Titanium Sponsors



Platinum Sponsors

Leonardo DRS

Leonardo DRS

Gold Sponsors

Modern Technology Solutions, Inc.

Modern Technology Solutions, Inc.

University of Dayton
Department of
Computer Science

University of Dayton - Department of Computer Science



Social Media

Our LinkedIn Group: OISF at LinkedIn

OISF on YouTube: OISF on YouTube

Meeting Agenda - October 13th, 2016

13th October 2016


Food and drinks served


A brief overview of the Ohio Information Security Forum.

A Day in the Life of a Pentester

By: Robert Stewart, Security Analyst @ Rapid7


As a pentester I work with customers to identify their goals and expectations of an internal assessment. Generally, these goals and expectations boil down to, ‘what is the risk of an attacker with access to the internal network achieve?’. We typically consider an attacker without any access, or an average user being able to elevate their privileges to Domain Administrator (DA) as full compromise. Surprisingly, most of the internal assessments I’ve done are composed of a several steps to achieve DA access.

In this presentation I will walk through those steps and show what can be achieved when a user has no access to the network. Starting with gaining access to a user account and then latterly moving through the network to compromise Active Directory (AD).


I’ve worked in most areas of Information Technology for the past twelve years, most recently hacking all the things.

Group Discussion

By: Everyone