Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
0wn1ng The Web at www.wdcnz.com
Search
Kim Carter
September 08, 2015
Technology
2
1.8k
0wn1ng The Web at www.wdcnz.com
Kim Carter
September 08, 2015
Tweet
Share
More Decks by Kim Carter
See All by Kim Carter
Application Intrusion Detection
binarymist
0
490
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
530
Security Regression Testing on OWASP Zap Node API
binarymist
1
9.9k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.3k
OWASP Quiz Night
binarymist
2
1.2k
The Art of Exploitation
binarymist
2
1.1k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
790
OWASP NZ Day 2016
binarymist
0
180
Infectious Media with Rubber Ducky
binarymist
1
570
Other Decks in Technology
See All in Technology
AIコードアシスタントとiOS開発
jollyjoester
1
230
今日からあなたもGeminiを好きになる
subaruhello
1
590
Bliki (ja), and the Cathedral, and the Bazaar
koic
8
1.4k
本当にわかりやすいAIエージェント入門
segavvy
10
6k
20250719_JAWS_kobe
takuyay0ne
1
160
Talk to Someone At Delta Airlines™️ USA Contact Numbers
travelcarecenter
0
170
Snowflake のアーキテクチャは本当に筋がよかったのか / Data Engineering Study #30
indigo13love
0
260
そもそも AWS FIS について。なぜ今 FIS のハンズオンなのか?などなど
kazzpapa3
2
120
2025-07-25 NOT A HOTEL TECH TALK ━ スマートホーム開発の最前線 ━ SOFTWARE
wakinchan
0
140
大規模組織にAIエージェントを迅速に導入するためのセキュリティの勘所 / AI agents for large-scale organizations
i35_267
6
230
Data Engineering Study#30 LT資料
tetsuroito
1
580
Shadow DOM & Security - Exploring the boundary between light and shadow
masatokinugawa
0
670
Featured
See All Featured
The Art of Programming - Codeland 2020
erikaheidi
54
13k
Into the Great Unknown - MozCon
thekraken
40
1.9k
Easily Structure & Communicate Ideas using Wireframe
afnizarnur
194
16k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
507
140k
BBQ
matthewcrist
89
9.7k
Java REST API Framework Comparison - PWX 2021
mraible
31
8.7k
A better future with KSS
kneath
238
17k
Practical Orchestrator
shlominoach
189
11k
GraphQLとの向き合い方2022年版
quramy
49
14k
GitHub's CSS Performance
jonrohan
1031
460k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
21
1.3k
Done Done
chrislema
184
16k
Transcript
0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]