Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
0wn1ng The Web at www.wdcnz.com
Search
Kim Carter
September 08, 2015
Technology
2
1.8k
0wn1ng The Web at www.wdcnz.com
Kim Carter
September 08, 2015
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
Application Intrusion Detection
binarymist
0
450
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
490
Security Regression Testing on OWASP Zap Node API
binarymist
1
9.7k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.3k
OWASP Quiz Night
binarymist
2
1.2k
The Art of Exploitation
binarymist
2
1.1k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
750
OWASP NZ Day 2016
binarymist
0
160
Infectious Media with Rubber Ducky
binarymist
1
540
Other Decks in Technology
See All in Technology
OCI Success Journey OCIの何が評価されてる?疑問に答える事例セミナー(2025年2月実施)
oracle4engineer
PRO
2
170
クラウド食堂とは?
hiyanger
0
120
LINEギフトにおけるバックエンド開発
lycorptech_jp
PRO
0
370
フォーイット_エンジニア向け会社紹介資料_Forit_Company_Profile.pdf
forit_tech
1
1.7k
遷移の高速化 ヤフートップの試行錯誤
narirou
6
1.8k
Change Managerを活用して本番環境へのセキュアなGUIアクセスを統制する / Control Secure GUI Access to the Production Environment with Change Manager
yuj1osm
0
110
マーケットプレイス版Oracle WebCenter Content For OCI
oracle4engineer
PRO
3
540
Cracking the Coding Interview 6th Edition
gdplabs
14
28k
【詳説】コンテンツ配信 システムの複数機能 基盤への拡張
hatena
0
280
30→150人のエンジニア組織拡大に伴うアジャイル文化を醸成する役割と取り組みの変化
nagata03
0
200
DeepSeekとは?何がいいの? - Databricksと学ぶDeepSeek! 〜これからのLLMに備えよ!〜
taka_aki
1
160
Two Blades, One Journey: Engineering While Managing
ohbarye
4
2.2k
Featured
See All Featured
Into the Great Unknown - MozCon
thekraken
35
1.6k
Side Projects
sachag
452
42k
Typedesign – Prime Four
hannesfritz
40
2.5k
Become a Pro
speakerdeck
PRO
26
5.2k
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
10
520
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
160
15k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
33
2.8k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
193
16k
Build your cross-platform service in a week with App Engine
jlugia
229
18k
Why You Should Never Use an ORM
jnunemaker
PRO
55
9.2k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5.2k
Fireside Chat
paigeccino
35
3.2k
Transcript
0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]