Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
0wn1ng The Web at www.wdcnz.com
Search
Kim Carter
September 08, 2015
Technology
2
1.8k
0wn1ng The Web at www.wdcnz.com
Kim Carter
September 08, 2015
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
Application Intrusion Detection
binarymist
0
480
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
530
Security Regression Testing on OWASP Zap Node API
binarymist
1
9.8k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.3k
OWASP Quiz Night
binarymist
2
1.2k
The Art of Exploitation
binarymist
2
1.1k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
790
OWASP NZ Day 2016
binarymist
0
180
Infectious Media with Rubber Ducky
binarymist
1
570
Other Decks in Technology
See All in Technology
B2C&B2B&社内向けサービスを抱える開発組織におけるサービス価値を最大化するイニシアチブ管理
belongadmin
2
7.2k
American airlines ®️ USA Contact Numbers: Complete 2025 Support Guide
airhelpsupport
0
390
AI時代の開発生産性を加速させるアーキテクチャ設計
plaidtech
PRO
3
160
AIの全社活用を推進するための安全なレールを敷いた話
shoheimitani
2
540
Lufthansa ®️ USA Contact Numbers: Complete 2025 Support Guide
lufthanahelpsupport
0
200
KubeCon + CloudNativeCon Japan 2025 Recap by CA
ponkio_o
PRO
0
300
Geminiとv0による高速プロトタイピング
shinya337
1
270
Enhancing SaaS Product Reliability and Release Velocity through Optimized Testing Approach
ropqa
1
240
自律的なスケーリング手法FASTにおけるVPoEとしてのアカウンタビリティ / dev-productivity-con-2025
yoshikiiida
2
17k
マーケットプレイス版Oracle WebCenter Content For OCI
oracle4engineer
PRO
3
960
マネジメントって難しい、けどおもしろい / Management is tough, but fun! #em_findy
ar_tama
7
1.1k
american airlines®️ USA Contact Numbers: Complete 2025 Support Guide
supportflight
1
110
Featured
See All Featured
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
6
310
The Pragmatic Product Professional
lauravandoore
35
6.7k
Writing Fast Ruby
sferik
628
62k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
233
17k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
820
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
130
19k
Build your cross-platform service in a week with App Engine
jlugia
231
18k
Being A Developer After 40
akosma
90
590k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.8k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
BBQ
matthewcrist
89
9.7k
Designing for humans not robots
tammielis
253
25k
Transcript
0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]