Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
0wn1ng The Web at www.wdcnz.com
Search
Kim Carter
September 08, 2015
Technology
2
1.8k
0wn1ng The Web at www.wdcnz.com
Kim Carter
September 08, 2015
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
Application Intrusion Detection
binarymist
0
450
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
490
Security Regression Testing on OWASP Zap Node API
binarymist
1
9.7k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.3k
OWASP Quiz Night
binarymist
2
1.2k
The Art of Exploitation
binarymist
2
1.1k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
750
OWASP NZ Day 2016
binarymist
0
160
Infectious Media with Rubber Ducky
binarymist
1
540
Other Decks in Technology
See All in Technology
OPENLOGI Company Profile
hr01
0
60k
データモデルYANGの処理系を再発明した話
tjmtrhs
0
310
AI自体のOps 〜LLMアプリの運用、AWSサービスとOSSの使い分け〜
minorun365
PRO
9
1k
困難を「一般解」で解く
fujiwara3
7
2.2k
User Story Mapping + Inclusive Team
kawaguti
PRO
2
290
"TEAM"を導入したら最高のエンジニア"Team"を実現できた / Deploying "TEAM" and Building the Best Engineering "Team"
yuj1osm
1
240
RaspberryPi CM4(CM5も)面白いぞ!
nonnoise
0
100
どちらかだけじゃもったいないかも? ECSとEKSを適材適所で併用するメリット、運用課題とそれらの対応について
tk3fftk
2
280
ディスプレイ広告(Yahoo!広告・LINE広告)におけるバックエンド開発
lycorptech_jp
PRO
0
580
Qiita Organizationを導入したら、アウトプッターが爆増して会社がちょっと有名になった件
minorun365
PRO
1
320
2025/3/1 公共交通オープンデータデイ2025
morohoshi
0
110
Охота на косуль у древних
ashapiro
0
120
Featured
See All Featured
Build your cross-platform service in a week with App Engine
jlugia
229
18k
Mobile First: as difficult as doing things right
swwweet
223
9.5k
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
4
380
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Statistics for Hackers
jakevdp
797
220k
The Language of Interfaces
destraynor
156
24k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
45
9.4k
Facilitating Awesome Meetings
lara
53
6.3k
4 Signs Your Business is Dying
shpigford
183
22k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
7.1k
Making Projects Easy
brettharned
116
6k
Embracing the Ebb and Flow
colly
84
4.6k
Transcript
0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]