Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
0wn1ng The Web at www.wdcnz.com
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Kim Carter
September 08, 2015
Technology
2
1.9k
0wn1ng The Web at www.wdcnz.com
Kim Carter
September 08, 2015
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
Application Intrusion Detection
binarymist
0
530
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
570
Security Regression Testing on OWASP Zap Node API
binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.4k
OWASP Quiz Night
binarymist
2
1.3k
The Art of Exploitation
binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
820
OWASP NZ Day 2016
binarymist
0
200
Infectious Media with Rubber Ducky
binarymist
1
610
Other Decks in Technology
See All in Technology
15 years with Rails and DDD (AI Edition)
andrzejkrzywda
0
200
プロダクト成長を支える開発基盤とスケールに伴う課題
yuu26
4
1.4k
日本の85%が使う公共SaaSは、どう育ったのか
taketakekaho
1
240
フルカイテン株式会社 エンジニア向け採用資料
fullkaiten
0
10k
Bedrock PolicyでAmazon Bedrock Guardrails利用を強制してみた
yuu551
0
260
Claude_CodeでSEOを最適化する_AI_Ops_Community_Vol.2__マーケティングx_AIはここまで進化した.pdf
riku_423
2
610
Webhook best practices for rock solid and resilient deployments
glaforge
2
300
量子クラウドサービスの裏側 〜Deep Dive into OQTOPUS〜
oqtopus
0
140
Bill One急成長の舞台裏 開発組織が直面した失敗と教訓
sansantech
PRO
2
400
Agent Skils
dip_tech
PRO
0
130
CDKで始めるTypeScript開発のススメ
tsukuboshi
1
530
今こそ学びたいKubernetesネットワーク ~CNIが繋ぐNWとプラットフォームの「フラッと」な対話
logica0419
5
360
Featured
See All Featured
Building Experiences: Design Systems, User Experience, and Full Site Editing
marktimemedia
0
410
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
49
9.9k
Navigating Team Friction
lara
192
16k
DBのスキルで生き残る技術 - AI時代におけるテーブル設計の勘所
soudai
PRO
62
50k
Efficient Content Optimization with Google Search Console & Apps Script
katarinadahlin
PRO
1
330
世界の人気アプリ100個を分析して見えたペイウォール設計の心得
akihiro_kokubo
PRO
66
37k
We Are The Robots
honzajavorek
0
170
Color Theory Basics | Prateek | Gurzu
gurzu
0
200
Fireside Chat
paigeccino
41
3.8k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
17k
The AI Search Optimization Roadmap by Aleyda Solis
aleyda
1
5.2k
Music & Morning Musume
bryan
47
7.1k
Transcript
0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]
SiteGround - Reliable hosting with speed, security, and support you can count on.
binarymist
andrzejkrzywda
yuu26
taketakekaho
fullkaiten
yuu551
riku_423
glaforge
oqtopus
sansantech
dip_tech
tsukuboshi
logica0419
marktimemedia
mongodb
lara
soudai
katarinadahlin
akihiro_kokubo
honzajavorek
gurzu
paigeccino
afnizarnur
aleyda
bryan
![Following images are used under the Creative Commons: [1], [2]](https://files.speakerdeck.com/presentations/8d03e8bd71154a2c94b6b8a33e9e2436/slide_46.jpg){kind=link}