0wn1ng The Web at www.wdcnz.com

September 08, 2015

1.9k

0wn1ng The Web at www.wdcnz.com

Kim Carter

September 08, 2015

Tweet

More Decks by Kim Carter

See All by Kim Carter

Application Intrusion Detection

0

530

owaspnz-chch-meetup-2021-workshop-planning-and-covid

0

580

Security Regression Testing on OWASP Zap Node API

1

10k

Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha

0

1.4k

OWASP Quiz Night

2

1.3k

The Art of Exploitation

2

1.2k

Developing a High Performance Security Focussed Agile Team (2 hr workshop)

1

820

OWASP NZ Day 2016

0

200

Infectious Media with Rubber Ducky

1

610

Other Decks in Technology

See All in Technology

トラブルの大半は「言ってない」x「言ってない」じゃねーか！！

0

300

What's new in Go 1.26?

2

280

2026-02-25 Tokyo dbt meetup プロダクトと融合したCI/CD で実現する、堅牢なデータパイプラインの作り方

0

170

Claude Cowork Plugins を読む - Skills駆動型業務エージェント設計の実像と構造

0

240

三菱UFJ銀行におけるエンタープライズAI駆動開発のリアル / Enterprise AI_Driven Development at MUFG Bank: The Real Story

10

20k

トップマネジメントとコンピテンシーから考えるエンジニアリングマネジメント

3

410

1 年間の育休から時短勤務で復帰した私が、 AI を駆使して立ち上がりを早めた話

PRO

0

220

マネージャー版 "提案のレベル" を上げる

14

11k

Bill One 開発エンジニア紹介資料

PRO

5

18k

「使いにくい」も「運用疲れ」も卒業する　UIデザイナーとエンジニアが創る持続可能な内製開発

PRO

1

770

ソフトウェアアーキテクトのための意思決定術: Create Decision Readiness—The Real Skill Behind Architectural Decision

PRO

28

8.6k

OSSで構築するIT基盤管理実践事例: NetBox・Snipe-IT・FreeRADIUS+PrivacyIDEA / Practical Case Studies of IT Infrastructure Management Using OSS

0

180

Featured

See All Featured

Stewardship and Sustainability of Urban and Community Forests

0

130

Music & Morning Musume

47

7.1k

Helping Users Find Their Own Way: Creating Modern Search Experiences

31

3.1k

More Than Pixels: Becoming A User Experience Designer

3

340

Why You Should Never Use an ORM

PRO

61

9.8k

Agile that works and the tools we love

331

21k

The Impact of AI in SEO - AI Overviews June 2024 Edition

5

760

The Pragmatic Product Professional

37

7.2k

実際に使うSQLの書き方徹底解説 / pgcon21j-tutorial

PRO

199

73k

Optimising Largest Contentful Paint

37

3.6k

How to make the Groovebox

2

2k

Navigating Algorithm Shifts & AI Overviews - #SMXNext

1

1.1k

Transcript

0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]