Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
0wn1ng The Web at www.wdcnz.com
Search
Kim Carter
September 08, 2015
Technology
2
1.8k
0wn1ng The Web at www.wdcnz.com
Kim Carter
September 08, 2015
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
Application Intrusion Detection
binarymist
0
490
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
540
Security Regression Testing on OWASP Zap Node API
binarymist
1
9.9k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.3k
OWASP Quiz Night
binarymist
2
1.2k
The Art of Exploitation
binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
790
OWASP NZ Day 2016
binarymist
0
190
Infectious Media with Rubber Ducky
binarymist
1
580
Other Decks in Technology
See All in Technology
Figma + Storybook + PlaywrightのMCPを使ったフロントエンド開発
yug1224
9
2.7k
人と組織に偏重したEMへのアンチテーゼ──なぜ、EMに設計力が必要なのか/An antithesis to the overemphasis of people and organizations in EM
dskst
6
620
実践アプリケーション設計 ①データモデルとドメインモデル
recruitengineers
PRO
3
270
Devinを使ったモバイルアプリ開発 / Mobile app development with Devin
yanzm
0
190
Yahoo!ニュースにおけるソフトウェア開発
lycorptech_jp
PRO
0
370
自社製CMSからmicroCMSへのリプレースがプロダクトグロースを加速させた話
nextbeatdev
0
140
人を動かすことについて考える
ichimichi
2
330
会社にデータエンジニアがいることでできるようになること
10xinc
9
1.6k
Amazon Bedrock AgentCore でプロモーション用動画生成エージェントを開発する
nasuvitz
6
430
Effective Match Types - Scala Days 2025
bishabosha
1
110
トヨタ生産方式(TPS)入門
recruitengineers
PRO
3
250
AIとTDDによるNext.js「隙間ツール」開発の実践
makotot
6
700
Featured
See All Featured
Build The Right Thing And Hit Your Dates
maggiecrowley
37
2.8k
Music & Morning Musume
bryan
46
6.7k
VelocityConf: Rendering Performance Case Studies
addyosmani
332
24k
Build your cross-platform service in a week with App Engine
jlugia
231
18k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
900
Statistics for Hackers
jakevdp
799
220k
RailsConf 2023
tenderlove
30
1.2k
For a Future-Friendly Web
brad_frost
179
9.9k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
9
780
Documentation Writing (for coders)
carmenintech
73
5k
Rebuilding a faster, lazier Slack
samanthasiow
83
9.1k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
26k
Transcript
0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]