Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
0wn1ng The Web at www.wdcnz.com
Search
Kim Carter
September 08, 2015
Technology
2
1.7k
0wn1ng The Web at www.wdcnz.com
Kim Carter
September 08, 2015
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
Application Intrusion Detection
binarymist
0
440
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
480
Security Regression Testing on OWASP Zap Node API
binarymist
1
9.6k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.2k
OWASP Quiz Night
binarymist
2
1.2k
The Art of Exploitation
binarymist
2
1.1k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
750
OWASP NZ Day 2016
binarymist
0
160
Infectious Media with Rubber Ducky
binarymist
1
530
Other Decks in Technology
See All in Technology
My small contributions - Fujiwara Tech Conference 2025
ijin
0
1.5k
【Oracle Cloud ウェビナー】2025年のセキュリティ脅威を読み解く:リスクに備えるためのレジリエンスとデータ保護
oracle4engineer
PRO
1
100
re:Invent 2024のふりかえり
beli68
0
110
データ基盤におけるIaCの重要性とその運用
mtpooh
4
530
ドメイン駆動設計の実践により事業の成長スピードと保守性を両立するショッピングクーポン
lycorptech_jp
PRO
13
2.3k
今年一年で頑張ること / What I will do my best this year
pauli
1
220
EMConf JP の楽しみ方 / How to enjoy EMConf JP
pauli
2
150
Evolving Architecture
rainerhahnekamp
3
260
Oracle Exadata Database Service(Dedicated Infrastructure):サービス概要のご紹介
oracle4engineer
PRO
0
12k
PaaSの歴史と、 アプリケーションプラットフォームのこれから
jacopen
7
1.5k
AWS re:Invent 2024 recap in 20min / JAWSUG 千葉 2025.1.14
shimy
1
100
2025年のARグラスの潮流
kotauchisunsun
0
800
Featured
See All Featured
Responsive Adventures: Dirty Tricks From The Dark Corners of Front-End
smashingmag
251
21k
Build The Right Thing And Hit Your Dates
maggiecrowley
33
2.5k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
230
52k
Rails Girls Zürich Keynote
gr2m
94
13k
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
232
17k
The Invisible Side of Design
smashingmag
299
50k
VelocityConf: Rendering Performance Case Studies
addyosmani
327
24k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Gamification - CAS2011
davidbonilla
80
5.1k
For a Future-Friendly Web
brad_frost
176
9.5k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.2k
GraphQLの誤解/rethinking-graphql
sonatard
68
10k
Transcript
0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]
binarymist
ijin
oracle4engineer
beli68
mtpooh
lycorptech_jp
pauli
rainerhahnekamp
jacopen
shimy
kotauchisunsun
smashingmag
maggiecrowley
destraynor
gr2m
marcelosomers
addyosmani
chriscoyier
davidbonilla
brad_frost
eileencodes
sonatard
![Following images are used under the Creative Commons: [1], [2]](https://files.speakerdeck.com/presentations/8d03e8bd71154a2c94b6b8a33e9e2436/slide_46.jpg){kind=link}