Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
0wn1ng The Web at www.wdcnz.com
Search
Kim Carter
September 08, 2015
Technology
2
1.6k
0wn1ng The Web at www.wdcnz.com
Kim Carter
September 08, 2015
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
Application Intrusion Detection
binarymist
0
380
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
420
Security Regression Testing on OWASP Zap Node API
binarymist
1
9k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.1k
OWASP Quiz Night
binarymist
2
1.1k
The Art of Exploitation
binarymist
1
1k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
700
OWASP NZ Day 2016
binarymist
0
140
Infectious Media with Rubber Ducky
binarymist
1
440
Other Decks in Technology
See All in Technology
MySQLのロックの種類とその競合
yoku0825
6
1.6k
成長期に歩みを止めないための創業期の開発文化形成
mayah
6
420
コンテナ・K8s研修 - 前半 コンテナ基礎・ハンズオン【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
170
年間一億円削減した時系列データベースのアーキテクチャ改善~不確実性の高いプロジェクトへの挑戦~
lycorptech_jp
PRO
3
2.9k
Git 研修 Basic【MIXI 24新卒技術研修】
mixi_engineers
PRO
0
310
Github Actions 로 Android 팀의 효율성 극대화
hadonghyun
0
160
【基調講演】変える、今ここから ― IoTとAIで紡ぐ未来
soracom
PRO
0
320
[NIKKEI Tech Talk] KDDI/KAG Scrum & Community for Engineering Training
curanosuke
2
220
DDDにおける認可の扱いとKotlinにおける実装パターン / authorization-for-ddd-and-kotlin-implement-pattern
urmot
4
390
Azure AI ことはじめ
tsubakimoto_s
0
130
CEL(Common Expression Language)で書いた条件にマッチしたIAM Policyを見つける / iam-policy-finder
fujiwara3
0
710
AOAI Dev Day LLMシステム開発 Tips集
hirosatogamo
15
3.8k
Featured
See All Featured
Designing on Purpose - Digital PM Summit 2013
jponch
113
6.6k
Mobile First: as difficult as doing things right
swwweet
219
8.8k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
149
45k
Typedesign – Prime Four
hannesfritz
37
2.2k
GitHub's CSS Performance
jonrohan
1026
450k
Speed Design
sergeychernyshev
9
270
What's in a price? How to price your products and services
michaelherold
239
11k
How GitHub (no longer) Works
holman
305
140k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
245
1.2M
The Straight Up "How To Draw Better" Workshop
denniskardys
229
130k
Done Done
chrislema
179
15k
Optimising Largest Contentful Paint
csswizardry
18
2.6k
Transcript
0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]