Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
0wn1ng The Web at www.wdcnz.com
Search
Kim Carter
September 08, 2015
Technology
2
1.5k
0wn1ng The Web at www.wdcnz.com
Kim Carter
September 08, 2015
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
Application Intrusion Detection
binarymist
0
360
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
390
Security Regression Testing on OWASP Zap Node API
binarymist
1
8.7k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1k
OWASP Quiz Night
binarymist
2
1.1k
The Art of Exploitation
binarymist
1
980
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
660
OWASP NZ Day 2016
binarymist
0
130
Infectious Media with Rubber Ducky
binarymist
1
390
Other Decks in Technology
See All in Technology
開発生産性大幅アップ!Postman VS Code拡張機能
nagix
2
490
私が trocco を推す理由
__allllllllez__
1
270
どうするコスト最適化のトレードオフ
tetsuyaooooo
1
610
require(ESM)とECMAScript仕様
uhyo
4
840
LLM開発・活用の舞台裏@2024.04.25
yushin_n
3
900
いつか使うかも貯金してたらめちゃめちゃ機能が増えてた話
riyaamemiya
0
440
DMM.com アルファ室採用案内資料
hsugita
1
170
.NET Profiler in 2024.
kkamegawa
1
200
一生覚えておきたい「システム開発=コミュニケーション」〜初めての実務案件振り返りLT〜
maimyyym
2
180
ゼロから始めるVue.jsコミュニティ貢献 / first-vuejs-community-contribution-link-and-motivation
lmi
1
130
非同期推論システムによるコスト削減と信頼性向上
koki_nishihara
0
280
JAWS-UG Bedrock Claude Night
yamahiro
3
620
Featured
See All Featured
Why Our Code Smells
bkeepers
PRO
331
56k
The Invisible Side of Design
smashingmag
294
49k
Designing for humans not robots
tammielis
248
25k
A better future with KSS
kneath
231
16k
A Philosophy of Restraint
colly
197
16k
Side Projects
sachag
451
41k
What's new in Ruby 2.0
geeforr
337
31k
Fantastic passwords and where to find them - at NoRuKo
philnash
37
2.5k
Typedesign – Prime Four
hannesfritz
36
2.1k
Being A Developer After 40
akosma
59
580k
Bash Introduction
62gerente
604
210k
StorybookのUI Testing Handbookを読んだ
zakiyama
13
4.6k
Transcript
0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]