Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Thinking Like an Attacker

Avatar for Nick Le Mouton Nick Le Mouton
February 05, 2018
Technology
0
100

Thinking Like an Attacker

Avatar for Nick Le Mouton

Nick Le Mouton

February 05, 2018
Tweet

Other Decks in Technology

See All in Technology
Terraformで構築する セルフサービス型データプラットフォーム / terraform-self-service-data-platform
Avatar for pei0804 pei0804
1
200
Evolución del razonamiento matemático de GPT-4.1 a GPT-5 - Data Aventura Summit 2025 & VSCode DevDays
Avatar for Lautaro Carro lauchacarro
0
210
まずはマネコンでちゃちゃっと作ってから、それをCDKにしてみよか。
Avatar for ヤマダ(北野) yamada_r
2
120
MagicPod導入から半年、オープンロジQAチームで実際にやったこと
Avatar for joko tjoko
0
110
「全員プロダクトマネージャー」を実現する、Cursorによる仕様検討の自動運転
Avatar for Michiru Kato applism118
22
12k
Unlocking the Power of AI Agents with LINE Bot MCP Server
Avatar for LINE Developers Thailand linedevth
0
120
2つのフロントエンドと状態管理
Avatar for MIXI ENGINEERS mixi_engineers
PRO
3
150
Android Audio: Beyond Winning On It
Avatar for Atsushi Eno atsushieno
0
3.4k
2025/09/16 仕様駆動開発とAI-DLCが導くAI駆動開発の新フェーズ
Avatar for オカムラ masahiro_okamura
0
130
Create Ruby native extension gem with Go
Avatar for sue445 sue445
0
130
5分でカオスエンジニアリングを分かった気になろう
Avatar for Aja9tochin pandayumi
0
260
KotlinConf 2025_イベントレポート
Avatar for ソニー株式会社 sony
1
140

Featured

See All Featured
What's in a price? How to price your products and services
Avatar for Michael Herold michaelherold
246
12k
Making Projects Easy
Avatar for Brett Harned brettharned
117
6.4k
The Psychology of Web Performance [Beyond Tellerrand 2023]
Avatar for Tammy Everts tammyeverts
49
3k
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
248
1.3M
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
Avatar for Eileen M. Uchitelle eileencodes
26
3k
Build your cross-platform service in a week with App Engine
Avatar for Jose L jlugia
231
18k
ReactJS: Keep Simple. Everything can be a component!
Avatar for Pedro Nauck pedronauck
667
120k
Measuring & Analyzing Core Web Vitals
Avatar for Philip Tellis bluesmoon
9
580
Visualization
Avatar for Eitan Lees eitanlees
148
16k
Statistics for Hackers
Avatar for Jake VanderPlas jakevdp
799
220k
[RailsConf 2023 Opening Keynote] The Magic of Rails
Avatar for Eileen M. Uchitelle eileencodes
30
9.7k
Easily Structure & Communicate Ideas using Wireframe
Avatar for Afnizar Nur Ghifari afnizarnur
194
16k

Transcript

  1. Thinking Like an Attacker
 (Hacking Your Own Organisation)

  2. # whoami • Nick Le Mouton (@noodlesnz) • CTO Drugs.com

    • Developer • Security • Operations
  3. None
  4. None
  5. None

  6. Googlebot

  7. A2:2017 Broken Authentication

  8. None

  9. • Disconnect between security and developers • Security find vulnerabilities

    • Developers fix vulnerabilities • Security often don’t impart how they found the vulnerabilities in the first place

  10. • Best position to attack an application • Shift Mindset

    • Logic and knowledge
  11. None
  12. None

  13. Object Injection Example • A8:2017 Insecure Deserialization

  14. None
  15. None

  16. GuzzleHttp\Cookie\CookieJar

  17. Payload

  18. None
  19. None

  20. Blind XSS • A7:2017-Cross-Site Scripting (XSS) • Security scan shows

    no XSS vulnerability

  21. XSS Hunter

  22. So How Can I Do That? • Offensive Security Courses

    • Hack Yourself First by Troy Hunt (pluralsight.com) • https://infosec101.nz/

  23. • Start hacking things, find out what works and what

    doesn’t • Damn Vulnerable Web Application (DVWA) • OWASP Juice Shop Project

  24. CTFs • CTFLearn.com • Find upcoming online CTFs on ctftime.org

    • Read write ups at ctftime.org/writeups

  25. Thank You