Titanium Sponsors

Inquest

Inquest

Platinum Sponsors

Leonardo DRS

Leonardo DRS

Gold Sponsors

Modern Technology Solutions, Inc.

Modern Technology Solutions, Inc.

University of Dayton
Department of
Computer Science

University of Dayton - Department of Computer Science

Gluware

Gluware

Social Media

Our LinkedIn Group: OISF at LinkedIn


Meeting Agenda - October 13th, 2016

13th October 2016

6:00pm:

Food and drinks served

Introduction

A brief overview of the Ohio Information Security Forum.

A Day in the Life of a Pentester

By: Robert Stewart, Security Analyst @ Rapid7

Abstract

As a pentester I work with customers to identify their goals and expectations of an internal assessment. Generally, these goals and expectations boil down to, ‘what is the risk of an attacker with access to the internal network achieve?’. We typically consider an attacker without any access, or an average user being able to elevate their privileges to Domain Administrator (DA) as full compromise. Surprisingly, most of the internal assessments I’ve done are composed of a several steps to achieve DA access.

In this presentation I will walk through those steps and show what can be achieved when a user has no access to the network. Starting with gaining access to a user account and then latterly moving through the network to compromise Active Directory (AD).

Bio

I’ve worked in most areas of Information Technology for the past twelve years, most recently hacking all the things.

Group Discussion

By: Everyone