0wn1ng The Web at www.wdcnz.com

September 08, 2015

1.9k

0wn1ng The Web at www.wdcnz.com

Kim Carter

September 08, 2015

Tweet

More Decks by Kim Carter

See All by Kim Carter

Application Intrusion Detection

0

520

owaspnz-chch-meetup-2021-workshop-planning-and-covid

0

560

Security Regression Testing on OWASP Zap Node API

1

10k

Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha

0

1.4k

OWASP Quiz Night

2

1.2k

The Art of Exploitation

2

1.2k

Developing a High Performance Security Focussed Agile Team (2 hr workshop)

1

810

OWASP NZ Day 2016

0

200

Infectious Media with Rubber Ducky

1

600

Other Decks in Technology

See All in Technology

20251222_サンフランシスコサバイバル術

2

140

MySQLとPostgreSQLのコレーション / Collation of MySQL and PostgreSQL

1

1.2k

Amazon Bedrock Knowledge Bases × メタデータ活用で実現する検証可能な RAG 設計

6

2.3k

ペアーズにおけるAIエージェント基盤とText to SQLツールの紹介

2

1.6k

2025-12-18_AI駆動開発推進プロジェクト運営について / AIDD-Promotion project management

0

150

日本Rubyの会: これまでとこれから

PRO

5

230

AgentCore BrowserとClaude Codeスキルを活用した『初手AI』を実現する業務自動化AIエージェント基盤

7

1.4k

『君の名は』と聞く君の名は。 / Your name, you who asks for mine.

1

120

AgentCoreとStrandsで社内d払いナレッジボットを作った話

1

890

Claude Codeを使った情報整理術

1

320

ソフトウェアエンジニアとAIエンジニアの役割分担についてのある事例

PRO

0

220

AI駆動開発ライフサイクル（AI-DLC）の始め方

0

160

Featured

See All Featured

PRO

33

15k

Between Models and Reality

0

150

Impact Scores and Hybrid Strategies: The future of link building

tamaranovitovic

0

170

Test your architecture with Archunit

1

2.1k

Embracing the Ebb and Flow

88

4.9k

HU Berlin: Industrial-Strength Natural Language Processing with spaCy and Prodigy

PRO

0

100

A Guide to Academic Writing Using Generative AI - A Workshop

PRO

0

170

Agile that works and the tools we love

331

21k

Data-driven link building: lessons from a $708K investment (BrightonSEO talk)

1

850

技術選定の審美眼（2025年版） / Understanding the Spiral of Technologies 2025 edition

PRO

115

91k

The SEO identity crisis: Don't let AI make you average

0

36

The Illustrated Guide to Node.js - THAT Conference 2024

0

210

Transcript

0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]