0wn1ng The Web at www.wdcnz.com

September 08, 2015

1.9k

0wn1ng The Web at www.wdcnz.com

Kim Carter

September 08, 2015

More Decks by Kim Carter

See All by Kim Carter

Application Intrusion Detection

0

550

owaspnz-chch-meetup-2021-workshop-planning-and-covid

0

590

Security Regression Testing on OWASP Zap Node API

1

10k

Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha

0

1.4k

OWASP Quiz Night

2

1.3k

The Art of Exploitation

2

1.2k

Developing a High Performance Security Focussed Agile Team (2 hr workshop)

1

840

OWASP NZ Day 2016

0

210

Infectious Media with Rubber Ducky

1

630

Other Decks in Technology

See All in Technology

Cortex Codeのコスト見積ヒントご紹介

0

140

Building a Study Buddy AI Agent from Scratch: From Passive Chatbots to Autonomous Systems

0

120

古今東西SRE

1

120

ハーネスエンジニアリング入門

0

110

AI時代の品質はテストプロセスの作り直し #scrumniigata

PRO

4

1.1k

「誰一人取り残されない」 AIエージェント時代のプロダクト設計思想 Product Management Summit 2026

1

2.7k

「SaaSの次の時代」に重要性を増すステークホルダーマネジメントの要諦～解像度を圧倒的に高めPdMの価値を最大化させる方法～

PRO

3

3.6k

巨大プラットフォームを進化させる「第3のROI」

recruitengineers

PRO

2

2.3k

COBOL婆さんの伝説

0

130

社内エンジニア勉強会の醍醐味と苦しみ/tamadev

0

280

音声言語モデル手法に関する発表の紹介

0

160

M5Stack CoreS3とZephyr(RTOS)で Edge AIっぽいことしてみた

0

420

Featured

See All Featured

Cheating the UX When There Is Nothing More to Optimize - PixelPioneers

stephaniewalter

287

14k

Building Flexible Design Systems

yeseniaperezcruz

330

40k

How to build an LLM SEO readiness audit: a practical framework

1

730

職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position

62

54k

Building Better People: How to give real-time feedback that sticks.

370

20k

Learning to Love Humans: Emotional Interface Design

275

41k

GraphQLの誤解/rethinking-graphql

75

12k

Prompt Engineering for Job Search

0

290

Leveraging Curiosity to Care for An Aging Population

1

230

A Soul's Torment

6

2.7k

Testing 201, or: Great Expectations

46

8.1k

Winning Ecommerce Organic Search in an AI Era - #searchnstuff2025

1

2k

Transcript

0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]