Pittsburgh ISSA Chapter Meeting - Sponsored by Guidepoint Security

Tuesday, August 19, 2025
Join the Pittsburgh Chapter of ISSA and guest speaker Cam Stish
Meeting Refreshments Sponsored by Guidepoint Security
Schedule of Events:
5:00pm - Light refreshments.
5:15pm - Chapter Board and Partner Introduction
5:30pm - Interactive Discussion
6:30pm - Adjourn for social hour

Please RSVP by noon on Sunday, August 17th, 2025

Join us for an eye-opening presentation from Cam Stish of GuidePoint Security as he shares the accidental discovery of CVE-2025-33073, a critical Kerberos Reflection vulnerability that enables attackers to bypass authentication in Active Directory environments. During routine penetration testing research, Cam uncovered that a coercion attack unexpectedly succeeded in dumping the SAM hive, despite protections believed to have been in place since 2008.
In this session, Cam will walk us through the technical journey from discovery to weaponization, revealing how the exploit combines DNS manipulation, coercion techniques like PetitPotam, and Kerberos relay attacks to gain SYSTEM-level access on domain controllers and member servers. He will also cover how organizations can detect this type of activity in their environments and what steps they can take to remediate and harden their systems against similar attacks. This talk is a powerful reminder of the importance of investigating unexpected test results and how they can lead to critical security breakthroughs.
A special thank you to GuidePoint Security for sponsoring this month’s Pittsburgh ISSA meeting and supporting our local cybersecurity community.
Cam Stish: began his career in the security industry in 2016. His professional experience includes security assessments, specializing in network, wireless, and application penetration testing. He has led and participated in vulnerability assessments and penetration testing throughout the world for industries such as banking, commercial, e-commerce, manufacturing, and many other industries. Cam’s extensive experience in network security assessments includes perimeter, network, and wireless penetration testing, Active Directory assessments, API assessments, social engineering, and web application testing.Cameron earned a Bachelor of Science degree in Cybersecurity from Bethany College and holds several certifications including the Practical Network Penetration Tester (PNPT), Offensive Security Certified Professional (OSCP+), Certified Red Team Operator (CRTO), and Offensive Security Wireless Professional (OSWP).About Guidepoint SecurityGuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organizations make smarter decisions and minimize risk. With deep experience across the cybersecurity landscape, including cloud security, penetration testing, compliance, and emerging threats, GuidePoint’s team of seasoned practitioners works closely with clients to assess, build, and manage security programs tailored to their unique needs. From advisory services to hands-on technical support, GuidePoint is a trusted partner to both public and private sector organizations.

Join us at this live event on Tuesday, August 19th!