Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

0wn1ng The Web at www.wdcnz.com

Avatar for Kim Carter Kim Carter
September 08, 2015
Technology
2
1.9k

0wn1ng The Web at www.wdcnz.com

Avatar for Kim Carter

Kim Carter

September 08, 2015
Tweet

More Decks by Kim Carter

See All by Kim Carter
Application Intrusion Detection
Avatar for Kim Carter binarymist
0
520
owaspnz-chch-meetup-2021-workshop-planning-and-covid
Avatar for Kim Carter binarymist
0
560
Security Regression Testing on OWASP Zap Node API
Avatar for Kim Carter binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
Avatar for Kim Carter binarymist
0
1.4k
OWASP Quiz Night
Avatar for Kim Carter binarymist
2
1.2k
The Art of Exploitation
Avatar for Kim Carter binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
Avatar for Kim Carter binarymist
1
810
OWASP NZ Day 2016
Avatar for Kim Carter binarymist
0
200
Infectious Media with Rubber Ducky
Avatar for Kim Carter binarymist
1
600

Other Decks in Technology

See All in Technology
NIKKEI Tech Talk #41: セキュア・バイ・デザインからクラウド管理を考える
Avatar for Ryosuke Sekido sekido
PRO
0
210
Authlete で実装する MCP OAuth 認可サーバー #CIMD の実装を添えて
Avatar for watahani watahani
0
180
AIBuildersDay_track_A_iidaxs
Avatar for iidaxs iidaxs
4
1.3k
Amazon Connect アップデート! AIエージェントにMCPツールを設定してみた!
Avatar for Yosuke Suzuki ysuzuki
0
140
AgentCore BrowserとClaude Codeスキルを活用した 『初手AI』を実現する業務自動化AIエージェント基盤
Avatar for Hirokatsu Endo ruzia
7
1.5k
ハッカソンから社内プロダクトへ AIエージェント「ko☆shi」開発で学んだ4つの重要要素
Avatar for そのだ sonoda_mj
6
1.7k
AI時代のワークフロー設計〜Durable Functions / Step Functions / Strands Agents を添えて〜
Avatar for やくも yakumo
3
2.2k
Bedrock AgentCore Memoryの新機能 (Episode) を試してみた / try Bedrock AgentCore Memory Episodic functionarity
Avatar for hoshi7_n hoshi7_n
2
1.9k
AWSの新機能をフル活用した「re:Inventエージェント」開発秘話
Avatar for みのるん minorun365
2
450
Microsoft Agent Frameworkの可観測性
Avatar for tomokusaba tomokusaba
1
110
Introduce marp-ai-slide-generator
Avatar for Itaru Tomita itarutomy
0
120
フルカイテン株式会社 エンジニア向け採用資料
Avatar for FULL KAITEN fullkaiten
0
9.9k

Featured

See All Featured
Impact Scores and Hybrid Strategies: The future of link building
Avatar for Tamara Novitovic tamaranovitovic
0
170
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
6k
More Than Pixels: Becoming A User Experience Designer
Avatar for Michelle Schulp Hunt marktimemedia
2
260
Future Trends and Review - Lecture 12 - Web Technologies (1019888BNR)
Avatar for Beat Signer signer
PRO
0
3.1k
Building a Scalable Design System with Sketch
Avatar for Laura Van Doore lauravandoore
463
34k
Thoughts on Productivity
Avatar for Jon Yablonski jonyablonski
73
5k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
273
27k
Skip the Path - Find Your Career Trail
Avatar for Mark Kilby mkilby
0
27
Claude Code どこまでも/ Claude Code Everywhere
Avatar for nwiizo nwiizo
61
49k
The Limits of Empathy - UXLibs8
Avatar for Cassini Nazir cassininazir
1
190
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
Avatar for soudai sone soudai
PRO
196
70k
Data-driven link building: lessons from a $708K investment (BrightonSEO talk)
Avatar for Szymon szymonslowik
1
850

Transcript

  1. 0wn1ng The Web

  2. Why do We Care?

  3. Reconnaissance

  4. None
  5. None

  6. Vulnerability Scanning

  7. Vulnerability Scanning NMAP

  8. Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key

    Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner

  9. Vulnerability Scanning

  10. Vulnerability Scanning

  11. Vulnerability Scanning

  12. Vulnerability Searching https://github.com/offensive-security/exploit-database

  13. Vulnerability Searching https://www.exploit-db.com/

  14. None

  15. Vulnerability Searching

  16. Vulnerability Searching

  17. Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search

  18. Exploitation

  19. Exploitation

  20. Exploitation

  21. Exploitation

  22. Veil - Framework Exploitation

  23. Exploitation

  24. Why These Tools?

  25. Demo 1

  26. Countermeasures

  27. Countermeasures Fix XSS vulns

  28. -

  29. Demo 2

  30. Countermeasures

  31. Countermeasures Understanding of Social Engineering

  32. None
  33. None

  34. Demo 3

  35. Countermeasures

  36. Countermeasures Spoofing

  37. None

  38. Exploitation Hooked Browsers... What now?

  39. None
  40. None

  41. Demo 4

  42. Demo 5

  43. Countermeasures

  44. Countermeasures • Long Complex Passwords • Disabling LM Hashing •

    Using SysKey • Eval Physical Access

  45. Documenting / Reporting

  46. None

  47. Following images are used under the Creative Commons: [1], [2]