0wn1ng The Web at www.wdcnz.com

September 08, 2015

1.9k

0wn1ng The Web at www.wdcnz.com

Kim Carter

September 08, 2015

Tweet

More Decks by Kim Carter

See All by Kim Carter

Application Intrusion Detection

0

510

owaspnz-chch-meetup-2021-workshop-planning-and-covid

0

550

Security Regression Testing on OWASP Zap Node API

1

10k

Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha

0

1.3k

OWASP Quiz Night

2

1.2k

The Art of Exploitation

2

1.2k

Developing a High Performance Security Focussed Agile Team (2 hr workshop)

1

800

OWASP NZ Day 2016

0

190

Infectious Media with Rubber Ducky

1

590

Other Decks in Technology

See All in Technology

ABEMAのCM配信を支えるスケーラブルな分散カウンタの実装

3

880

AIを前提に、業務を”再構築”せよ IVRyの9ヶ月にわたる挑戦と未来の働き方 (BTCONJP2025)

1

770

ABEJA FIRST GUIDE for Software Engineers

0

3.2k

グローバルなコンパウンド戦略を支えるモジュラーモノリスとドメイン駆動設計

1

860

Moto: Latent Motion Token as the Bridging Language for Learning Robot Manipulation from Videos

0

150

[CV勉強会@関東 ICCV2025 読み会] World4Drive: End-to-End Autonomous Driving via Intention-aware Physical Latent World Model (Zheng+, ICCV 2025)

0

230

『HOWはWHY WHATで判断せよ』〜『ドメイン駆動設計をはじめよう』の読了報告と、本質への探求〜

PRO

5

2k

クレジットカードの不正を防止する技術

17

7.6k

生成AI時代に若手エンジニアが最初に覚えるべき内容と、その学習法

2

450

機密情報の漏洩を防げ！ Webフロントエンド開発で意識すべき漏洩パターンとその対策

PRO

10

3.6k

AIと自動化がもたらす業務効率化の実例：反社チェック等の調査・業務プロセス自動化

0

650

JavaScript パーサーに using 対応をする過程で与えたエコシステムへの影響

1

100

Featured

See All Featured

A designer walks into a library…

pauljervisheath

210

24k

Fashionably flexible responsive web design (full day workshop)

407

66k

Into the Great Unknown - MozCon

40

2.2k

Designing for humans not robots

254

26k

Product Roadmaps are Hard

PRO

55

12k

Exploring the Power of Turbo Streams & Action Cable | RailsConf2023

36

6.1k

It's Worth the Effort

187

28k

89

9.9k

I Don’t Have Time: Getting Over the Fear to Launch Your Podcast

34

2.5k

Chrome DevTools: State of the Union 2024 - Debugging React & Beyond

9

980

The Art of Programming - Codeland 2020

56

14k

Faster Mobile Websites

310

31k

Transcript

0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]