Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
0wn1ng The Web at www.wdcnz.com
Search
Kim Carter
September 08, 2015
Technology
2
1.5k
0wn1ng The Web at www.wdcnz.com
Kim Carter
September 08, 2015
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
Application Intrusion Detection
binarymist
0
340
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
370
Security Regression Testing on OWASP Zap Node API
binarymist
1
8.5k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1k
OWASP Quiz Night
binarymist
2
1k
The Art of Exploitation
binarymist
1
960
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
640
OWASP NZ Day 2016
binarymist
0
130
Infectious Media with Rubber Ducky
binarymist
1
370
Other Decks in Technology
See All in Technology
GitHub composite actions
hkusu
1
120
Tohoku.Tech #1 「EC-CUBE/AWSの構築をChatGPTに相談してみました」by テンダ
jun2882
0
130
layerx-0-to-1-product-development-in-compound-startups
shnjtk
1
520
AWS IAM の結果整合性を避けるためセッションポリシーを用いてポリシーの動作確認を行う、を解説する
yukihirochiba
0
380
サイボウズのQAエンジニア育成
cybozuinsideout
PRO
3
570
ECS on FargateへのSeekable OCI導入レポート
iwamot
0
260
[2024년 3월 세미나] 다른 회사는 퍼널 분석 어떻게 하고 있을까?
datarian
1
1.6k
スクラムマスター不在でスクラムをやるのは(とても辛いので)やめておけ! #scrumfukuoka
nulabinc
PRO
4
910
S3成長記録@Storage-JAWS#3
p0n
0
130
10年モノのレガシーPHPアプリケーションを移植しきるまでの泥臭くも長い軌跡 / legacy-php-app-migration
toshimaru
0
710
あなたの知らないバグバウンティの世界
eurekaberry
1
1.4k
滑空スポーツ講習会2023 航空安全講習会 第4回 日常整備に役立ちそうな雑情報 / JSA Safety Seminar 2023 glider maintenance
jsaseminar
0
110
Featured
See All Featured
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
34
8.8k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
18
1.8k
Building Flexible Design Systems
yeseniaperezcruz
317
37k
Designing for humans not robots
tammielis
247
25k
StorybookのUI Testing Handbookを読んだ
zakiyama
10
4.4k
Build The Right Thing And Hit Your Dates
maggiecrowley
23
1.9k
Principles of Awesome APIs and How to Build Them.
keavy
119
16k
Automating Front-end Workflow
addyosmani
1353
200k
Unsuck your backbone
ammeep
660
56k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
352
28k
Testing 201, or: Great Expectations
jmmastey
27
6.3k
In The Pink: A Labor of Love
frogandcode
137
21k
Transcript
0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]