Upgrade to Pro — share decks privately, control downloads, hide ads and more …

0wn1ng The Web at www.wdcnz.com

Avatar for Kim Carter Kim Carter
September 08, 2015
Technology
2
1.9k

0wn1ng The Web at www.wdcnz.com

Avatar for Kim Carter

Kim Carter

September 08, 2015
Tweet

More Decks by Kim Carter

See All by Kim Carter
Application Intrusion Detection
Avatar for Kim Carter binarymist
0
540
owaspnz-chch-meetup-2021-workshop-planning-and-covid
Avatar for Kim Carter binarymist
0
580
Security Regression Testing on OWASP Zap Node API
Avatar for Kim Carter binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
Avatar for Kim Carter binarymist
0
1.4k
OWASP Quiz Night
Avatar for Kim Carter binarymist
2
1.3k
The Art of Exploitation
Avatar for Kim Carter binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
Avatar for Kim Carter binarymist
1
820
OWASP NZ Day 2016
Avatar for Kim Carter binarymist
0
200
Infectious Media with Rubber Ducky
Avatar for Kim Carter binarymist
1
610

Other Decks in Technology

See All in Technology
Phase03_ドキュメント管理
Avatar for overflow ,Inc overflowinc
0
1.4k
SLI/SLO 導入で 避けるべきこと3選
Avatar for Kota yagikota
0
140
20260323_データ分析基盤でGeminiを使う話
Avatar for yuichi 1210yuichi0
0
160
Phase10_組織浸透_データ活用
Avatar for overflow ,Inc overflowinc
0
880
既存アプリの延命も,最新技術での新規開発も:WebSphereの最新情報
Avatar for Ryoto Katagiri ktgrryt
0
110
Visional 28新卒プロダクト職(エンジニア/デザイナー)向け 会社説明資料 / Visional Company Briefing for Newgrads 28
Avatar for Visional Engineering & Design visional_engineering_and_design
1
110
Phase07_実務適用
Avatar for overflow ,Inc overflowinc
0
1k
スピンアウト講座04_ルーティン処理
Avatar for overflow ,Inc overflowinc
0
640
【Λ(らむだ)】最近のアプデ情報 / RPALT20260318
Avatar for Λ lambda
0
150
ABEMAのバグバウンティの取り組み
Avatar for Kurochan kurochan
1
150
システム標準化PMOから ガバメントクラウドCoEへ
Avatar for 高橋広和 techniczna
1
160
Kiroで見直す開発プロセスとAI-DLC
Avatar for Kazuki Adachi k_adachi_01
0
110

Featured

See All Featured
Stewardship and Sustainability of Urban and Community Forests
Avatar for Eric Wiseman pwiseman
0
160
The AI Revolution Will Not Be Monopolized: How open-source beats economies of scale, even for LLMs
Avatar for Ines Montani inesmontani
PRO
3
3.2k
Un-Boring Meetings
Avatar for Sebastian Deterding codingconduct
0
230
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
408
66k
How to Talk to Developers About Accessibility
Avatar for Jason CranfordTeague jct
2
160
Ecommerce SEO: The Keys for Success Now & Beyond - #SERPConf2024
Avatar for Aleyda Solis aleyda
1
1.9k
The SEO identity crisis: Don't let AI make you average
Avatar for Varn varn
0
420
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
Avatar for Rebecca Miller-Webster rmw
35
3.4k
Site-Speed That Sticks
Avatar for Harry Roberts csswizardry
13
1.1k
Marketing to machines
Avatar for Jono Alderson jonoalderson
1
5k
技術選定の審美眼(2025年版) / Understanding the Spiral of Technologies 2025 edition
Avatar for Takuto Wada twada
PRO
118
110k
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
247
13k

Transcript

  1. 0wn1ng The Web

  2. Why do We Care?

  3. Reconnaissance

  4. None
  5. None

  6. Vulnerability Scanning

  7. Vulnerability Scanning NMAP

  8. Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key

    Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner

  9. Vulnerability Scanning

  10. Vulnerability Scanning

  11. Vulnerability Scanning

  12. Vulnerability Searching https://github.com/offensive-security/exploit-database

  13. Vulnerability Searching https://www.exploit-db.com/

  14. None

  15. Vulnerability Searching

  16. Vulnerability Searching

  17. Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search

  18. Exploitation

  19. Exploitation

  20. Exploitation

  21. Exploitation

  22. Veil - Framework Exploitation

  23. Exploitation

  24. Why These Tools?

  25. Demo 1

  26. Countermeasures

  27. Countermeasures Fix XSS vulns

  28. -

  29. Demo 2

  30. Countermeasures

  31. Countermeasures Understanding of Social Engineering

  32. None
  33. None

  34. Demo 3

  35. Countermeasures

  36. Countermeasures Spoofing

  37. None

  38. Exploitation Hooked Browsers... What now?

  39. None
  40. None

  41. Demo 4

  42. Demo 5

  43. Countermeasures

  44. Countermeasures • Long Complex Passwords • Disabling LM Hashing •

    Using SysKey • Eval Physical Access

  45. Documenting / Reporting

  46. None

  47. Following images are used under the Creative Commons: [1], [2]