0wn1ng The Web at www.wdcnz.com

September 08, 2015

1.9k

0wn1ng The Web at www.wdcnz.com

Kim Carter

September 08, 2015

Tweet

More Decks by Kim Carter

See All by Kim Carter

Application Intrusion Detection

0

520

owaspnz-chch-meetup-2021-workshop-planning-and-covid

0

560

Security Regression Testing on OWASP Zap Node API

1

10k

Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha

0

1.3k

OWASP Quiz Night

2

1.2k

The Art of Exploitation

2

1.2k

Developing a High Performance Security Focussed Agile Team (2 hr workshop)

1

810

OWASP NZ Day 2016

0

200

Infectious Media with Rubber Ducky

1

600

Other Decks in Technology

See All in Technology

re:Invent2025 コンテナ系アップデート振り返り(+CloudWatchログのアップデート紹介)

0

280

小さな判断で育つ、大きな意思決定力 / 20251204 Takahiro Kinjo

PRO

1

530

たかが特別な時間の終わり / It's Only the End of Special Time

28

7.8k

21st ACRi Webinar - Univ of Tokyo Presentation Slide (Ayumi Ohno)

0

120

エンジニアリングマネージャーはじめての目標設定と評価

0

230

Docker, Infraestructuras seguras y Hardening

josejuansanchez

0

150

pmconf2025 - データを活用し「価値」へ繋げる

0

660

AI駆動開発によるDDDの実践

PRO

0

420

AWS Bedrock AgentCoreで作る 1on1支援AIエージェント〜Memory × Evaluationsによる実践開発〜

4

310

【CEDEC+KYUSHU2025】学生・若手必見！テクニカルアーティスト大全～仕事・スキル・キャリアパス、TAの「わからない」を徹底解剖～

PRO

0

140

モダンデータスタック (MDS) の話とデータ分析が起こすビジネス変革

0

270

Security Diaries of an Open Source IAM

0

130

Featured

See All Featured

Documentation Writing (for coders)

76

5.2k

Evolution of real-time – Irina Nazarova, EuRuKo, 2024

9

1.1k

Building a Modern Day  E-commerce SEO Strategy

45

8.3k

Art, The Web, and Tiny UX

303

21k

Intergalactic Javascript Robots from Outer Space

273

27k

Practical Tips for Bootstrapping Information Extraction Pipelines

25

1.6k

Leading Effective Engineering Teams in the AI Era

8

1.3k

It's Worth the Effort

187

29k

Git: the NoSQL Database

PRO

432

66k

Design and Strategy: How to Deal with People Who Don’t "Get" Design

132

19k

How To Stay Up To Date on Web Technology

791

250k

Fight the Zombie Pattern Library - RWD Summit 2016

234

17k

Transcript

0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]