Gold Sponsors

Wellbury Information Services LLC



Social Media

Our LinkedIn Group:

Meeting Agenda - October 13th, 2016

13th October 2016

6:00pm:

Food and drinks served

Introduction

A brief overview of the Ohio Information Security Forum.

A Day in the Life of a Pentester

By: Robert Stewart, Security Analyst @ Rapid7

Abstract

As a pentester I work with customers to identify their goals and expectations of an internal assessment. Generally, these goals and expectations boil down to, ‘what is the risk of an attacker with access to the internal network achieve?’. We typically consider an attacker without any access, or an average user being able to elevate their privileges to Domain Administrator (DA) as full compromise. Surprisingly, most of the internal assessments I’ve done are composed of a several steps to achieve DA access.

In this presentation I will walk through those steps and show what can be achieved when a user has no access to the network. Starting with gaining access to a user account and then latterly moving through the network to compromise Active Directory (AD).

Bio

I’ve worked in most areas of Information Technology for the past twelve years, most recently hacking all the things.

Group Discussion

By: Everyone