0wn1ng The Web at www.wdcnz.com

September 08, 2015

1.9k

0wn1ng The Web at www.wdcnz.com

Kim Carter

September 08, 2015

More Decks by Kim Carter

See All by Kim Carter

Application Intrusion Detection

0

550

owaspnz-chch-meetup-2021-workshop-planning-and-covid

0

590

Security Regression Testing on OWASP Zap Node API

1

10k

Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha

0

1.4k

OWASP Quiz Night

2

1.3k

The Art of Exploitation

2

1.2k

Developing a High Performance Security Focussed Agile Team (2 hr workshop)

1

840

OWASP NZ Day 2016

0

210

Infectious Media with Rubber Ducky

1

630

Other Decks in Technology

See All in Technology

AWS Transform CustomでIaCコードを自由自在に変換しよう

0

220

AIが書いたコードを信じられない問題〜レビュー負荷を下げるために変えたこと〜 / The AI Code Trust Gap: Reducing the Review Burden

PRO

8

1.4k

20260428_Product Management Summit_tadokoroyoshiro

tadokoro_yoshiro

15

17k

世界の中心でApp Runnerを叫ぶ FINAL

0

160

大学職員のための生成AI最前線：最前線を、AIガバナンスとして読み直すためのTips

0

2.1k

20年前の「OSS革命」に学ぶ AI時代の生存戦略

0

510

AIの揺らぎに“コシ”を与える階層化品質設計

0

110

Building Production-Ready Agents Microsoft Agent Framework

0

130

コードや知識を組み込む / Incorporate Code and Knowledge

PRO

0

190

社内エンジニア勉強会の醍醐味と苦しみ/tamadev

0

270

Oracle Cloud Infrastructure：2026年4月度サービス・アップデート

oracle4engineer

PRO

0

240

「誰一人取り残されない」 AIエージェント時代のプロダクト設計思想 Product Management Summit 2026

1

2.4k

Featured

See All Featured

Game over? The fight for quality and originality in the time of robots

1

170

コードの90%をAIが書く世界で何が待っているのか / What awaits us in a world where 90% of the code is written by AI

61

43k

Improving Core Web Vitals using Speculation Rules API

sergeychernyshev

21

1.5k

The innovator’s Mindset -  Leading Through an Era of Exponential Change - McGill University 2025

PRO

1

160

How to Ace a Technical Interview

281

24k

Making Projects Easy

120

6.6k

"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)

231

23k

Exploring the relationship between traditional SERPs and Gen AI search

raygrieselhuber

PRO

2

3.9k

Testing 201, or: Great Expectations

46

8.1k

XXLCSS - How to scale CSS and keep your sanity

250

1.3M

HU Berlin: Industrial-Strength Natural Language Processing with spaCy and Prodigy

PRO

0

340

Navigating Team Friction

192

16k

Transcript

0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]