0wn1ng The Web at www.wdcnz.com

September 08, 2015

1.9k

0wn1ng The Web at www.wdcnz.com

Kim Carter

September 08, 2015

Tweet

More Decks by Kim Carter

See All by Kim Carter

Application Intrusion Detection

0

540

owaspnz-chch-meetup-2021-workshop-planning-and-covid

0

580

Security Regression Testing on OWASP Zap Node API

1

10k

Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha

0

1.4k

OWASP Quiz Night

2

1.3k

The Art of Exploitation

2

1.2k

Developing a High Performance Security Focussed Agile Team (2 hr workshop)

1

820

OWASP NZ Day 2016

0

200

Infectious Media with Rubber Ducky

1

620

Other Decks in Technology

See All in Technology

Phase02_AI座学_応用

0

3k

俺の/私の最強アーキテクチャ決定戦開催 ― チームで新しいアーキテクチャに適合していくために / 20260322 Naoki Takahashi

PRO

1

450

Phase01_AI座学_基礎

0

4.1k

Datadog で実現するセキュリティ対策 ~オブザーバビリティとセキュリティを一緒にやると何がいいのか~

0

140

20年以上続く PHP 大規模プロダクトを Kubernetes へ ── クラウド基盤刷新プロジェクトの4年間

PRO

0

310

開発チームとQAエンジニアの新しい協業モデル -年末調整開発チームで実践する【QAリード施策】-

0

310

Agent Skill 是什麼？對軟體產業帶來的變化

0

230

スピンアウト講座04_ルーティン処理

0

1.3k

DDD×仕様駆動で回す高品質開発のプロセス設計

6

2.5k

GitHub Copilot CLI で Azure Portal to Bicep

0

200

テストプロセスにおけるAI活用：人間とAIの共存

PRO

0

160

私がよく使うMCPサーバー3選と社内で安全に活用する方法

0

110

Featured

See All Featured

Lessons Learnt from Crawling 1000+ Websites

PRO

1

1.2k

How Fast Is Fast Enough? [PerfNow 2025]

3

500

Ethics towards AI in product and experience design

2

240

The Director’s Chair: Orchestrating AI for Truly Effective Learning

1

140

How STYLIGHT went responsive

100

6k

We Analyzed 250 Million AI Search Results: Here's What I Found

1

1k

Agile that works and the tools we love

331

21k

Designing Dashboards & Data Visualisations in Web Apps

231

54k

B2B Lead Gen: Tactics, Traps & Triumph

0

86

Stop Working from a Prison Cell

274

21k

Context Engineering - Making Every Token Count

9

770

My Coaching Mixtape

0

86

Transcript

0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]