0wn1ng The Web at www.wdcnz.com

September 08, 2015

1.9k

0wn1ng The Web at www.wdcnz.com

Kim Carter

September 08, 2015

Tweet

More Decks by Kim Carter

See All by Kim Carter

Application Intrusion Detection

0

520

owaspnz-chch-meetup-2021-workshop-planning-and-covid

0

560

Security Regression Testing on OWASP Zap Node API

1

10k

Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha

0

1.4k

OWASP Quiz Night

2

1.2k

The Art of Exploitation

2

1.2k

Developing a High Performance Security Focussed Agile Team (2 hr workshop)

1

810

OWASP NZ Day 2016

0

200

Infectious Media with Rubber Ducky

1

600

Other Decks in Technology

See All in Technology

Agent Skillsがハーネスの垣根を超える日

6

4k

100以上の新規コネクタ提供を可能にしたアーキテクチャ

0

240

Microsoft Agent Frameworkの可観測性

1

100

ExpoのインダストリーブースでみたAWSが見せる製造業の未来

0

190

AlmaLinux + KVM + Cockpit で始めるお手軽仮想化基盤～開発環境などでの利用を想定して～

0

150

投資戦略を量産せよ 2 - マケデコセミナー(2025/12/26)

0

180

Connection-based OAuthから学ぶOAuth for AI Agents

0

350

Lookerで実現するセキュアな外部データ提供

PRO

0

200

Amazon Connect アップデート！ AIエージェントにMCPツールを設定してみた！

0

130

ハッカソンから社内プロダクトへ AIエージェント「ko☆shi」開発で学んだ4つの重要要素

6

1.5k

アプリにAIを正しく組み込むためのアーキテクチャ── 国産LLMの現実と実践

0

210

株式会社ビザスク_AI__Engineering_Summit_Tokyo_2025_登壇資料.pdf

1

110

Featured

See All Featured

Agile that works and the tools we love

331

21k

Neural Spatial Audio Processing for Sound Field Analysis and Control

0

130

Exploring anti-patterns in Rails

2

200

How to Talk to Developers About Accessibility

1

84

Practical Tips for Bootstrapping Information Extraction Pipelines

25

1.7k

Max Prin - Stacking Signals: How International SEO Comes Together (And Falls Apart)

PRO

0

49

Technical Leadership for Architectural Decision Making

0

180

How to build an LLM SEO readiness audit: a practical framework

1

580

エンジニアに許された特別な時間の終わり

105

220k

The Impact of AI in SEO - AI Overviews June 2024 Edition

5

680

Public Speaking Without Barfing On Your Shoes - THAT 2023

1

280

Hiding What from Whom? A Critical Review of the History of Programming languages for Music

0

300

Transcript

0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]