Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
0wn1ng The Web at www.wdcnz.com
Search
Kim Carter
September 08, 2015
Technology
2
1.9k
0wn1ng The Web at www.wdcnz.com
Kim Carter
September 08, 2015
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
Application Intrusion Detection
binarymist
0
510
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
550
Security Regression Testing on OWASP Zap Node API
binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.3k
OWASP Quiz Night
binarymist
2
1.2k
The Art of Exploitation
binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
800
OWASP NZ Day 2016
binarymist
0
190
Infectious Media with Rubber Ducky
binarymist
1
590
Other Decks in Technology
See All in Technology
今、MySQLのバックアップを作り直すとしたら何がどう良いのかを考える旅
yoku0825
2
410
ZOZOTOWNカート決済リプレイス ── モジュラモノリスという過渡期戦略
zozotech
PRO
0
410
なぜインフラコードのモジュール化は難しいのか - アプリケーションコードとの本質的な違いから考える
mizzy
55
18k
2ヶ月で新規事業のシステムを0から立ち上げるスタートアップの舞台裏
shmokmt
0
180
身近なCSVを活用する!AWSのデータ分析基盤アーキテクチャ
koosun
0
1.6k
ユーザーストーリー x AI / User Stories x AI
oomatomo
0
210
「O(n log(n))のパフォーマンス」の意味がわかるようになろう
dhirabayashi
0
190
JJUG CCC 2025 Fall バッチ性能!!劇的ビフォーアフター
hayashiyuu1
1
350
Spring Boot利用を前提としたJavaライブラリ開発方法の提案
kokihoshihara
PRO
2
230
Post-AIコーディング時代のエンジニア生存戦略
shinoyu
0
290
Amazon ECS デプロイツール ecspresso の開発を支える「正しい抽象化」の探求 / YAPC::Fukuoka 2025
fujiwara3
13
3.7k
バフェットコード株式会社 開発チームカルチャーデック
shoe116
1
110
Featured
See All Featured
Designing Experiences People Love
moore
142
24k
Building Applications with DynamoDB
mza
96
6.8k
Faster Mobile Websites
deanohume
310
31k
Side Projects
sachag
455
43k
Building a Scalable Design System with Sketch
lauravandoore
463
33k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
31
2.7k
Statistics for Hackers
jakevdp
799
220k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
11
930
Build The Right Thing And Hit Your Dates
maggiecrowley
38
2.9k
Testing 201, or: Great Expectations
jmmastey
46
7.8k
A better future with KSS
kneath
239
18k
Principles of Awesome APIs and How to Build Them.
keavy
127
17k
Transcript
0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]
binarymist
yoku0825
zozotech
mizzy
shmokmt
koosun
oomatomo
dhirabayashi
hayashiyuu1
kokihoshihara
shinoyu
fujiwara3
shoe116
moore
mza
deanohume
sachag
lauravandoore
bluesmoon
jakevdp
tammyeverts
maggiecrowley
jmmastey
kneath
keavy
![Following images are used under the Creative Commons: [1], [2]](https://files.speakerdeck.com/presentations/8d03e8bd71154a2c94b6b8a33e9e2436/slide_46.jpg){kind=link}