0wn1ng The Web at www.wdcnz.com

September 08, 2015

1.8k

0wn1ng The Web at www.wdcnz.com

Kim Carter

September 08, 2015

Tweet

More Decks by Kim Carter

See All by Kim Carter

Application Intrusion Detection

0

460

owaspnz-chch-meetup-2021-workshop-planning-and-covid

0

510

Security Regression Testing on OWASP Zap Node API

1

9.7k

Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha

0

1.3k

OWASP Quiz Night

2

1.2k

The Art of Exploitation

2

1.1k

Developing a High Performance Security Focussed Agile Team (2 hr workshop)

1

770

OWASP NZ Day 2016

0

170

Infectious Media with Rubber Ducky

1

550

Other Decks in Technology

See All in Technology

AIエージェント開発における「攻めの品質改善」と「守りの品質保証」 / 2024.04.09 GPU UNITE 新年会 2025

0

400

20250413_湘南kaggler会_音声認識で使うのってメルス・・・なんだっけ？

1

380

0

130

IVRyにおけるNLP活用と NLP2025の関連論文紹介

0

180

Amazon CloudWatch Application Signals ではじめるバーンレートアラーム / Burn rate alarm with Amazon CloudWatch Application Signals

5

310

Рекомендации с нуля: как мы в Lamoda превратили главную страницу в ключевую точку входа для персонализированного шоппинга. Данил Комаров, Data Scientist, Lamoda Tech

0

260

Lakeflow Connectのご紹介

databricksjapan

0

100

3

860

DETR手法の変遷と最新動向（CVPR2025）

2

1.1k

ウォンテッドリーにおける Platform Engineering

0

190

アジャイル脅威モデリング#1（脅威モデリングナイト#8）

3

160

LLM as プロダクト開発のパワードスーツ

1

190

Featured

See All Featured

Optimising Largest Contentful Paint

36

3.2k

GitHub's CSS Performance

1030

460k

The Pragmatic Product Professional

33

6.5k

I Don’t Have Time: Getting Over the Fear to Launch Your Podcast

32

2.2k

Navigating Team Friction

184

15k

Statistics for Hackers

798

220k

How to Create Impact in a Changing Tech Landscape [PerfNow 2023]

52

2.4k

Raft: Consensus for Rubyists

137

6.9k

Rails Girls Zürich Keynote

94

13k

The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024

23

2.6k

Art, The Web, and Tiny UX

298

20k

Making Projects Easy

116

6.1k

Transcript

0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]