0wn1ng The Web at www.wdcnz.com

September 08, 2015

1.8k

0wn1ng The Web at www.wdcnz.com

Kim Carter

September 08, 2015

Tweet

More Decks by Kim Carter

See All by Kim Carter

Application Intrusion Detection

0

450

owaspnz-chch-meetup-2021-workshop-planning-and-covid

0

490

Security Regression Testing on OWASP Zap Node API

1

9.7k

Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha

0

1.2k

OWASP Quiz Night

2

1.2k

The Art of Exploitation

2

1.1k

Developing a High Performance Security Focussed Agile Team (2 hr workshop)

1

750

OWASP NZ Day 2016

0

160

Infectious Media with Rubber Ducky

1

540

Other Decks in Technology

See All in Technology

急成長する企業で作った、エンジニアが輝ける制度/ 20250214 Rinto Ikenoue

3

1.3k

The Future of SEO: The Impact of AI on Search

0

200

Classmethod AI Talks(CATs) #17 司会進行スライド(2025.02.19) / classmethod-ai-talks-aka-cats_moderator-slides_vol17_2025-02-19

0

120

Developer Summit 2025 [14-D-1] Yuki Hattori

19

6.3k

『衛星データ利用の方々にとって近いようで触れる機会のなさそうな小話 ~ 衛星搭載ソフトウェアと衛星運用ソフトウェア (実物) を動かしながらわいわいする編 ~』 @日本衛星データコミニティ勉強会

0

150

2025-02-21 ゆるSRE勉強会 Enhancing SRE Using AI

1

380

Oracle Cloud Infrastructure：2025年2月度サービス・アップデート

oracle4engineer

1

220

Classmethod AI Talks(CATs) #16 司会進行スライド(2025.02.12) / classmethod-ai-talks-aka-cats_moderator-slides_vol16_2025-02-12

0

110

一度 Expo の採用を断念したけど、再度 Expo の導入を検討している話

1

170

データマネジメントのトレードオフに立ち向かう

6

1k

開発スピードは上がっている…品質はどうする？スピードと品質を両立させるためのプロダクト開発の進め方とは #DevSumi #DevSumiB / Agile And Quality

2

3k

プロセス改善による品質向上事例

2

2.6k

Featured

See All Featured

Designing Experiences People Love

140

23k

Rails Girls Zürich Keynote

94

13k

Docker and Python

44

3.3k

Exploring the Power of Turbo Streams & Action Cable | RailsConf2023

30

4.6k

Building Your Own Lightsaber

104

6.2k

YesSQL, Process and Tooling at Scale

172

14k

Measuring & Analyzing Core Web Vitals

6

240

Git: the NoSQL Database

427

64k

How to Create Impact in a Changing Tech Landscape [PerfNow 2023]

49

2.3k

Agile that works and the tools we love

328

21k

[RailsConf 2023] Rails as a piece of cake

53

5.2k

Why Our Code Smells

336

57k

Transcript

0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]