0wn1ng The Web at www.wdcnz.com

September 08, 2015

1.8k

0wn1ng The Web at www.wdcnz.com

Kim Carter

September 08, 2015

Tweet

More Decks by Kim Carter

See All by Kim Carter

Application Intrusion Detection

0

490

owaspnz-chch-meetup-2021-workshop-planning-and-covid

0

540

Security Regression Testing on OWASP Zap Node API

1

9.9k

Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha

0

1.3k

OWASP Quiz Night

2

1.2k

The Art of Exploitation

2

1.2k

Developing a High Performance Security Focussed Agile Team (2 hr workshop)

1

790

OWASP NZ Day 2016

0

190

Infectious Media with Rubber Ducky

1

580

Other Decks in Technology

See All in Technology

Figma + Storybook + PlaywrightのMCPを使ったフロントエンド開発

9

2.7k

人と組織に偏重したEMへのアンチテーゼ──なぜ、EMに設計力が必要なのか/An antithesis to the overemphasis of people and organizations in EM

6

620

実践アプリケーション設計 ①データモデルとドメインモデル

recruitengineers

PRO

3

270

Devinを使ったモバイルアプリ開発 / Mobile app development with Devin

0

190

Yahoo!ニュースにおけるソフトウェア開発

PRO

0

370

自社製CMSからmicroCMSへのリプレースがプロダクトグロースを加速させた話

0

140

人を動かすことについて考える

2

330

会社にデータエンジニアがいることでできるようになること

9

1.6k

Amazon Bedrock AgentCore でプロモーション用動画生成エージェントを開発する

6

430

Effective Match Types - Scala Days 2025

1

110

トヨタ生産方式(TPS)入門

recruitengineers

PRO

3

250

AIとTDDによるNext.js「隙間ツール」開発の実践

6

700

Featured

See All Featured

Build The Right Thing And Hit Your Dates

37

2.8k

Music & Morning Musume

46

6.7k

VelocityConf: Rendering Performance Case Studies

332

24k

Build your cross-platform service in a week with App Engine

231

18k

Evolution of real-time – Irina Nazarova, EuRuKo, 2024

8

900

Statistics for Hackers

799

220k

30

1.2k

For a Future-Friendly Web

179

9.9k

The Web Performance Landscape in 2024 [PerfNow 2024]

9

780

Documentation Writing (for coders)

73

5k

Rebuilding a faster, lazier Slack

83

9.1k

Dealing with People You Can't Stand - Big Design 2015

367

26k

Transcript

0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]