0wn1ng The Web at www.wdcnz.com

September 08, 2015

1.8k

0wn1ng The Web at www.wdcnz.com

Kim Carter

September 08, 2015

Tweet

More Decks by Kim Carter

See All by Kim Carter

Application Intrusion Detection

0

470

owaspnz-chch-meetup-2021-workshop-planning-and-covid

0

520

Security Regression Testing on OWASP Zap Node API

1

9.8k

Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha

0

1.3k

OWASP Quiz Night

2

1.2k

The Art of Exploitation

2

1.1k

Developing a High Performance Security Focussed Agile Team (2 hr workshop)

1

780

OWASP NZ Day 2016

0

180

Infectious Media with Rubber Ducky

1

560

Other Decks in Technology

See All in Technology

Go Connectへの想い

0

160

Introduction to Sansan for Engineers / エンジニア向け会社紹介

5

38k

Bill One 開発エンジニア紹介資料

4

12k

Claude Code どこまでも/ Claude Code Everywhere

5

680

Eight Engineering Unit 紹介資料

0

3.4k

Sansan Engineering Unit 紹介資料

1

2k

Data Hubグループ紹介資料

0

1.8k

会社紹介資料 / Sansan Company Profile

6

370k

やさしい認証認可

29

11k

上長や社内ステークホルダーに対する解像度を上げて、より良い補完関係を築く方法 / How-to-increase-resolution-and-build-better-complementary-relationships-with-your-bosses-and-internal-stakeholders

13

7k

フルカイテン株式会社エンジニア向け採用資料

0

7.1k

Kafka vs. Pulsar: Performance Evaluation by Petabyte-Scale Streaming Platform Providers

1

350

Featured

See All Featured

Creating an realtime collaboration tool: Agile Flush - .NET Oxford

30

2.1k

A designer walks into a library…

pauljervisheath

206

24k

Navigating Team Friction

186

15k

No one is an island. Learnings from fostering a developers community.

21

3.3k

Large-scale JavaScript Application Architecture

512

110k

The Illustrated Children's Guide to Kubernetes

48

50k

Optimizing for Happiness

379

70k

37

3.5k

The Art of Delivering Value - GDevCon NA Keynote

14

1.5k

Typedesign – Prime Four

42

2.7k

ピンチをチャンスに：未来をつくるプロダクトロードマップ #pmconf2020

123

52k

Practical Tips for Bootstrapping Information Extraction Pipelines

20

1.3k

Transcript

0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]