0wn1ng The Web at www.wdcnz.com

September 08, 2015

1.8k

0wn1ng The Web at www.wdcnz.com

Kim Carter

September 08, 2015

Tweet

More Decks by Kim Carter

See All by Kim Carter

Application Intrusion Detection

0

470

owaspnz-chch-meetup-2021-workshop-planning-and-covid

0

520

Security Regression Testing on OWASP Zap Node API

1

9.8k

Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha

0

1.3k

OWASP Quiz Night

2

1.2k

The Art of Exploitation

2

1.1k

Developing a High Performance Security Focussed Agile Team (2 hr workshop)

1

780

OWASP NZ Day 2016

0

170

Infectious Media with Rubber Ducky

1

560

Other Decks in Technology

See All in Technology

RDRA3.0を知ろう

2

430

iOS/Androidで無限循環Carousel表現を考えてみる

0

130

積み上げられた技術資産と向き合いながら、プロダクトの信頼性をどう守るか

0

890

プラットフォームとしての Datadog / Datadog as Platforms

1

330

AIに実況させる / AI Streamer

3

1.4k

MCP で繋ぐ Figma とデザインシステム〜LLM を使った UI 実装のリアル〜

2

1.3k

Slackひと声でブログ校正！Claudeレビュー自動化編

3

180

GitHub Coding Agent 概要

1

1.6k

Babylon.jsでゲームを作ってみよう

0

100

Oracle Base Database Service 技術詳細

oracle4engineer

8

65k

Cursor Meetup Tokyo

0

190

面接を通過するためにやってて良かったこと3選

0

130

Featured

See All Featured

CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again

160

15k

10 Git Anti Patterns You Should be Aware of

656

60k

The Invisible Side of Design

299

50k

Save Time (by Creating Custom Rails Generators)

31

1.2k

Helping Users Find Their Own Way: Creating Modern Search Experiences

29

2.6k

"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)

228

22k

Creating an realtime collaboration tool: Agile Flush - .NET Oxford

30

2.1k

The Language of Interfaces

158

25k

Mobile First: as difficult as doing things right

223

9.6k

Improving Core Web Vitals using Speculation Rules API

sergeychernyshev

15

890

sergeychernyshev

30

970

Stop Working from a Prison Cell

269

20k

Transcript

0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]