Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
0wn1ng The Web at www.wdcnz.com
Search
Kim Carter
September 08, 2015
Technology
2k
2
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
0wn1ng The Web at www.wdcnz.com
Kim Carter
September 08, 2015
More Decks by Kim Carter
See All by Kim Carter
Application Intrusion Detection
binarymist
0
570
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
600
Security Regression Testing on OWASP Zap Node API
binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.4k
OWASP Quiz Night
binarymist
2
1.3k
The Art of Exploitation
binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
860
OWASP NZ Day 2016
binarymist
0
210
Infectious Media with Rubber Ducky
binarymist
1
640
Other Decks in Technology
See All in Technology
WebGIS AI Agentの紹介
_shimizu
0
610
FinOps X 2026 Recap from Engineer Side #JapanFinOps
chacco38
0
240
10x Speed With QA Agent Platform - How we scaled adoption from individual effort to organizational capability
lycorptech_jp
PRO
0
110
“全部コピーしない”ファイルデータの活用 : — FSx for ONTAP × S3 Tables × Icebergで作るメタデータカタログ
yoshiki0705
0
260
秘密度ラベル初心者が第1歩でつまづかないための「設計・運用」ポイント
seafay
PRO
1
560
CVE-2026-20833_脆弱性対応とAES 化について
jukishiya
0
340
製造現場での生成AIの活用、およびエージェントAIの実装のあり方、AVEVAの取り組み
iotcomjpadmin
0
210
RAGの精度向上とエージェント活用
kintotechdev
2
120
そこにあるから地図ができる~位置を示す"モノ"を愉しむ~ - Interface 2026年6月号GPS特集オフ会 / interface_202606_GPS_offline
sakaik
1
180
本当の”仕事”を手放せる未来が見えた
mu7889yoon
0
210
「ビジネスがわかるエンジニア」とは何か?
ryooob
0
440
認証認可だけじゃない! ID管理の構成要素と ライフサイクルを意識しよう
ritou
1
440
Featured
See All Featured
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
16
2k
<Decoding/> the Language of Devs - We Love SEO 2024
nikkihalliwell
1
270
Lessons Learnt from Crawling 1000+ Websites
charlesmeaden
PRO
1
1.3k
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
630
Stop Working from a Prison Cell
hatefulcrawdad
274
21k
B2B Lead Gen: Tactics, Traps & Triumph
marketingsoph
0
170
Intergalactic Javascript Robots from Outer Space
tanoku
273
27k
How To Speak Unicorn (iThemes Webinar)
marktimemedia
1
500
Statistics for Hackers
jakevdp
799
230k
Exploring the relationship between traditional SERPs and Gen AI search
raygrieselhuber
PRO
2
4.1k
Pawsitive SEO: Lessons from My Dog (and Many Mistakes) on Thriving as a Consultant in the Age of AI
davidcarrasco
0
180
RailsConf 2023
tenderlove
30
1.5k
Transcript
0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]