0wn1ng The Web at www.wdcnz.com

September 08, 2015

1.9k

0wn1ng The Web at www.wdcnz.com

Kim Carter

September 08, 2015

Tweet

More Decks by Kim Carter

See All by Kim Carter

Application Intrusion Detection

0

520

owaspnz-chch-meetup-2021-workshop-planning-and-covid

0

570

Security Regression Testing on OWASP Zap Node API

1

10k

Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha

0

1.4k

OWASP Quiz Night

2

1.2k

The Art of Exploitation

2

1.2k

Developing a High Performance Security Focussed Agile Team (2 hr workshop)

1

810

OWASP NZ Day 2016

0

200

Infectious Media with Rubber Ducky

1

600

Other Decks in Technology

See All in Technology

研究開発部メンバーの働き⽅ / Sansan R&D Profile

PRO

4

22k

田舎で20年スクラム（後編）：一個人が企業で長期戦アジャイルに挑む意味

1

1.6k

マーケットプレイス版Oracle WebCenter Content For OCI

oracle4engineer

PRO

5

1.5k

さくらのクラウドでのシークレット管理を考える/tamachi.sre#2

1

190

AI に「学ばせ、調べさせ、作らせる」。Auth0 開発を加速させる7つの実践的アプローチ

0

300

新米スクラムマスターの4ヶ月 -「スクラムイベントを回しているのに手応えがない」からの脱出 / Four Months as a New Scrum Master — When Scrum Events Were Running, but Nothing Felt Right

0

170

クラウドセキュリティの進化 — AWSの20年を振り返る

0

120

フルカイテン株式会社エンジニア向け採用資料

0

10k

産業的変化も組織的変化も乗り越えられるチームへの成長〜チームの変化から見出す明るい未来〜

PRO

1

780

AWSと生成AIで学ぶ！実行計画の読み解き方とSQLチューニングの実践

2

580

Vivre en Bitcoin : le tutoriel que votre banquier ne veut pas que vous voyiez

0

300

Introduction to Sansan, inc / Sansan Global Development Center, Inc.

PRO

0

2.9k

Featured

See All Featured

ピンチをチャンスに：未来をつくるプロダクトロードマップ #pmconf2020

128

55k

Paper Plane (Part 1)

PRO

0

3.1k

Design and Strategy: How to Deal with People Who Don’t "Get" Design

133

19k

How Software Deployment tools have changed in the past 20 years

0

31k

ラッコキーワードサービス紹介資料

0

2M

StorybookのUI Testing Handbookを読んだ

31

6.5k

Save Time (by Creating Custom Rails Generators)

PRO

32

1.9k

1

330

Music & Morning Musume

46

7k

The Curse of the Amulet

0

7.3k

Believing is Seeing

1

30

Why Mistakes Are the Best Teachers: Turning Failure into a Pathway for Growth

0

43

Transcript

0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]