Upgrade to Pro — share decks privately, control downloads, hide ads and more …

0wn1ng The Web at www.wdcnz.com

Sponsored · Your Podcast. Everywhere. Effortlessly. Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
Avatar for Kim Carter Kim Carter
September 08, 2015
Technology
1.9k
2

0wn1ng The Web at www.wdcnz.com

Avatar for Kim Carter

Kim Carter

September 08, 2015

More Decks by Kim Carter

See All by Kim Carter
Application Intrusion Detection
Avatar for Kim Carter binarymist
0
540
owaspnz-chch-meetup-2021-workshop-planning-and-covid
Avatar for Kim Carter binarymist
0
580
Security Regression Testing on OWASP Zap Node API
Avatar for Kim Carter binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
Avatar for Kim Carter binarymist
0
1.4k
OWASP Quiz Night
Avatar for Kim Carter binarymist
2
1.3k
The Art of Exploitation
Avatar for Kim Carter binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
Avatar for Kim Carter binarymist
1
830
OWASP NZ Day 2016
Avatar for Kim Carter binarymist
0
210
Infectious Media with Rubber Ducky
Avatar for Kim Carter binarymist
1
620

Other Decks in Technology

See All in Technology
🀄️ on swiftc
Avatar for giginet giginet
PRO
0
340
サイバーフィジカル社会とは何か / What Is a Cyber-Physical Society?
Avatar for Kenji Saito ks91
PRO
0
170
Hello UUID
Avatar for mimifuwacc mimifuwacc
0
130
ADOTで始めるサーバレスアーキテクチャのオブザーバビリティ
Avatar for Ryotaro Harada alchemy1115
3
280
Introduction to Sansan Meishi Maker Development Engineer
Avatar for Sansan, Inc. sansan33
PRO
0
380
2026年に相応しい 最先端プラグインホストの設計<del>と実装</del>
Avatar for Atsushi Eno atsushieno
0
110
DIPS2.0データに基づく森林管理における無人航空機の利用状況
Avatar for Forestgeo.info naokimuroki
1
200
JOAI2026講評会資料(近藤佐介)
Avatar for Sasuke Kondo element138
1
110
AgentCore RuntimeからS3 Filesをマウントしてみる
Avatar for Har1101 har1101
4
410
Master Dataグループ紹介資料
Avatar for Sansan, Inc. sansan33
PRO
1
4.6k
OBI+APMでお手軽にアプリケーションのオブザーバビリティを手に入れよう
Avatar for Kenshi Muto kenshimuto
0
260
CC Workflow Studio
Avatar for breaking-brake seiyakobayashi
0
320

Featured

See All Featured
Prompt Engineering for Job Search
Avatar for Mfonobong Umondia mfonobong
0
260
Redefining SEO in the New Era of Traffic Generation
Avatar for Szymon Słowik szymonslowik
1
270
Facilitating Awesome Meetings
Avatar for Lara Hogan lara
57
6.8k
CSS Pre-Processors: Stylus, Less & Sass
Avatar for Bermon Painter bermonpainter
360
30k
Why Mistakes Are the Best Teachers: Turning Failure into a Pathway for Growth
Avatar for Umar Saidu Auna auna
0
110
Balancing Empowerment & Direction
Avatar for Lara Hogan lara
5
1k
Making the Leap to Tech Lead
Avatar for Ryan Cromwell cromwellryan
135
9.8k
The Mindset for Success: Future Career Progression
Avatar for Greg Gifford greggifford
PRO
0
310
Claude Code のすすめ
Avatar for schroneko schroneko
67
220k
Why Your Marketing Sucks and What You Can Do About It - Sophie Logan
Avatar for Sophie Logan marketingsoph
0
130
SERP Conf. Vienna - Web Accessibility: Optimizing for Inclusivity and SEO
Avatar for Sara Fernández Carmona sarafernandez
2
1.4k
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
Avatar for MADOX madoxten
62
53k

Transcript

  1. 0wn1ng The Web

  2. Why do We Care?

  3. Reconnaissance

  4. None
  5. None

  6. Vulnerability Scanning

  7. Vulnerability Scanning NMAP

  8. Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key

    Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner

  9. Vulnerability Scanning

  10. Vulnerability Scanning

  11. Vulnerability Scanning

  12. Vulnerability Searching https://github.com/offensive-security/exploit-database

  13. Vulnerability Searching https://www.exploit-db.com/

  14. None

  15. Vulnerability Searching

  16. Vulnerability Searching

  17. Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search

  18. Exploitation

  19. Exploitation

  20. Exploitation

  21. Exploitation

  22. Veil - Framework Exploitation

  23. Exploitation

  24. Why These Tools?

  25. Demo 1

  26. Countermeasures

  27. Countermeasures Fix XSS vulns

  28. -

  29. Demo 2

  30. Countermeasures

  31. Countermeasures Understanding of Social Engineering

  32. None
  33. None

  34. Demo 3

  35. Countermeasures

  36. Countermeasures Spoofing

  37. None

  38. Exploitation Hooked Browsers... What now?

  39. None
  40. None

  41. Demo 4

  42. Demo 5

  43. Countermeasures

  44. Countermeasures • Long Complex Passwords • Disabling LM Hashing •

    Using SysKey • Eval Physical Access

  45. Documenting / Reporting

  46. None

  47. Following images are used under the Creative Commons: [1], [2]