0wn1ng The Web at www.wdcnz.com

September 08, 2015

1.8k

0wn1ng The Web at www.wdcnz.com

Kim Carter

September 08, 2015

Tweet

More Decks by Kim Carter

See All by Kim Carter

Application Intrusion Detection

0

480

owaspnz-chch-meetup-2021-workshop-planning-and-covid

0

530

Security Regression Testing on OWASP Zap Node API

1

9.8k

Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha

0

1.3k

OWASP Quiz Night

2

1.2k

The Art of Exploitation

2

1.1k

Developing a High Performance Security Focussed Agile Team (2 hr workshop)

1

790

OWASP NZ Day 2016

0

180

Infectious Media with Rubber Ducky

1

570

Other Decks in Technology

See All in Technology

怖くない！はじめてのClaude Code

0

380

生成AI開発案件におけるClineの業務活用事例とTips

0

240

自律的なスケーリング手法FASTにおけるVPoEとしてのアカウンタビリティ / dev-productivity-con-2025

1

15k

OPENLOGI Company Profile

0

67k

SaaS型なのに自由度の高い本格CMSでサイト構築と運用のコスパ＆タイパUP！ MovableType.net の便利機能とユーザー事例のご紹介

0

100

Oracle Database@Google Cloud：サービス概要のご紹介

oracle4engineer

0

110

Delegating the chores of authenticating users to Keycloak

0

140

事業成長の裏側：エンジニア組織と開発生産性の進化 / 20250703 Rinto Ikenoue

2

20k

Should Our Project Join the CNCF? (Japanese Recap)

0

330

Connect 100+を支える技術

0

190

使いたいMCPサーバーはWeb APIをラップして自分で作る #QiitaBash

0

1.6k

AWS認定を取る中で感じたこと

1

180

Featured

See All Featured

Learning to Love Humans: Emotional Interface Design

273

40k

Creating an realtime collaboration tool: Agile Flush - .NET Oxford

30

2.1k

Reflections from 52 weeks, 52 projects

351

20k

29

5.4k

ReactJS: Keep Simple. Everything can be a component!

667

120k

Improving Core Web Vitals using Speculation Rules API

sergeychernyshev

18

960

Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]

5

280

GraphQLとの向き合い方2022年版

49

14k

Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End

251

21k

Docker and Python

44

3.5k

Making Projects Easy

116

6.3k

Building a Scalable Design System with Sketch

462

33k

Transcript

0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]