Slide 1
Slide 1 text
0wn1ng The Web
Slide 2
Slide 2 text
Why do We Care?
Slide 3
Slide 3 text
Reconnaissance
Slide 4
Slide 4 text
No content
Slide 5
Slide 5 text
No content
Slide 6
Slide 6 text
Vulnerability Scanning
Slide 7
Slide 7 text
Vulnerability Scanning
NMAP
Slide 8
Slide 8 text
Vulnerability Scanning
scanner/ssh/ssh_enumusers SSH Username Enumeration
scanner/ssh/ssh_identify_pubkeys SSH Public Key Acceptance Scanner
scanner/ssh/ssh_login SSH Login Check Scanner
scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner
scanner/ssh/ssh_version SSH Version Scanner
Slide 9
Slide 9 text
Vulnerability Scanning
Slide 10
Slide 10 text
Vulnerability Scanning
Slide 11
Slide 11 text
Vulnerability Scanning
Slide 12
Slide 12 text
Vulnerability Searching
https://github.com/offensive-security/exploit-database
Slide 13
Slide 13 text
Vulnerability Searching
https://www.exploit-db.com/
Slide 14
Slide 14 text
No content
Slide 15
Slide 15 text
Vulnerability Searching
Slide 16
Slide 16 text
Vulnerability Searching
Slide 17
Slide 17 text
Vulnerability Searching
https://nodesecurity.io/advisories
https://web.nvd.nist.gov/view/vuln/search
Slide 18
Slide 18 text
Exploitation
Slide 19
Slide 19 text
Exploitation
Slide 20
Slide 20 text
Exploitation
Slide 21
Slide 21 text
Exploitation
Slide 22
Slide 22 text
Veil - Framework
Exploitation
Slide 23
Slide 23 text
Exploitation
Slide 24
Slide 24 text
Why These Tools?
Slide 25
Slide 25 text
Demo 1
Slide 26
Slide 26 text
Countermeasures
Slide 27
Slide 27 text
Countermeasures
Fix XSS vulns
Slide 28
Slide 28 text
-
Slide 29
Slide 29 text
Demo 2
Slide 30
Slide 30 text
Countermeasures
Slide 31
Slide 31 text
Countermeasures
Understanding of Social Engineering
Slide 32
Slide 32 text
No content
Slide 33
Slide 33 text
No content
Slide 34
Slide 34 text
Demo 3
Slide 35
Slide 35 text
Countermeasures
Slide 36
Slide 36 text
Countermeasures
Spoofing
Slide 37
Slide 37 text
No content
Slide 38
Slide 38 text
Exploitation
Hooked Browsers... What now?
Slide 39
Slide 39 text
No content
Slide 40
Slide 40 text
No content
Slide 41
Slide 41 text
Demo 4
Slide 42
Slide 42 text
Demo 5
Slide 43
Slide 43 text
Countermeasures
Slide 44
Slide 44 text
Countermeasures
● Long Complex Passwords
● Disabling LM Hashing
● Using SysKey
● Eval Physical Access
Slide 45
Slide 45 text
Documenting / Reporting
Slide 46
Slide 46 text
No content
Slide 47
Slide 47 text
Following images are used under the Creative Commons:
[1], [2]