0wn1ng The Web at www.wdcnz.com

September 08, 2015

1.8k

0wn1ng The Web at www.wdcnz.com

Kim Carter

September 08, 2015

Tweet

More Decks by Kim Carter

See All by Kim Carter

Application Intrusion Detection

0

490

owaspnz-chch-meetup-2021-workshop-planning-and-covid

0

540

Security Regression Testing on OWASP Zap Node API

1

10k

Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha

0

1.3k

OWASP Quiz Night

2

1.2k

The Art of Exploitation

2

1.2k

Developing a High Performance Security Focussed Agile Team (2 hr workshop)

1

790

OWASP NZ Day 2016

0

190

Infectious Media with Rubber Ducky

1

580

Other Decks in Technology

See All in Technology

Bedrock で検索エージェントを再現しようとした話

1

110

下手な強制、ダメ！絶対！「ガードレール」を「檻」にさせない"ガバナンス"の取り方とは？

2

460

COVESA VSSによる車両データモデルの標準化とAWS IoT FleetWiseの活用

1

400

機械学習を扱うプラットフォーム開発と運用事例

PRO

0

660

Claude Code でアプリ開発をオートパイロットにするためのTips集 Zennの場合 / Claude Code Tips in Zenn

5

1.8k

Firestore → Spanner 移行を成功させた段階的移行プロセス

1

500

Oracle Base Database Service 技術詳細

oracle4engineer

PRO

10

75k

「Linux」という言葉が指すもの

PRO

4

140

Generative AI Japan 第一回生成AI実践研究会「AI駆動開発の現在地──ブレイクスルーの鍵を握るのはデータ領域」

0

330

20250912_RPALT_データを集める→とっ散らかる問題_Obsidian紹介

0

100

Platform開発が先行する Platform Engineeringの違和感

4

590

【NoMapsTECH 2025】AI Edge Computing Workshop

0

230

Featured

See All Featured

How to train your dragon (web standard)

96

6.2k

Producing Creativity

PRO

347

40k

Testing 201, or: Great Expectations

45

7.7k

Building an army of robots

306

46k

The World Runs on Bad Software

PRO

70

11k

Building a Scalable Design System with Sketch

462

33k

JavaScript: Past, Present, and Future - NDC Porto 2020

52

5.6k

A Modern Web Designer's Workflow

696

190k

Sharpening the Axe: The Primacy of Toolmaking

44

2.5k

Learning to Love Humans: Emotional Interface Design

273

40k

Unsuck your backbone

671

58k

VelocityConf: Rendering Performance Case Studies

332

24k

Transcript

0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]