Upgrade to Pro — share decks privately, control downloads, hide ads and more …

0wn1ng The Web at www.wdcnz.com

Sponsored · SiteGround - Reliable hosting with speed, security, and support you can count on.
Avatar for Kim Carter Kim Carter
September 08, 2015
Technology
1.9k
2

0wn1ng The Web at www.wdcnz.com

Avatar for Kim Carter

Kim Carter

September 08, 2015

More Decks by Kim Carter

See All by Kim Carter
Application Intrusion Detection
Avatar for Kim Carter binarymist
0
560
owaspnz-chch-meetup-2021-workshop-planning-and-covid
Avatar for Kim Carter binarymist
0
590
Security Regression Testing on OWASP Zap Node API
Avatar for Kim Carter binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
Avatar for Kim Carter binarymist
0
1.4k
OWASP Quiz Night
Avatar for Kim Carter binarymist
2
1.3k
The Art of Exploitation
Avatar for Kim Carter binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
Avatar for Kim Carter binarymist
1
850
OWASP NZ Day 2016
Avatar for Kim Carter binarymist
0
210
Infectious Media with Rubber Ducky
Avatar for Kim Carter binarymist
1
630

Other Decks in Technology

See All in Technology
さきさん文庫の書籍ができるまで
Avatar for H.Saki sakiengineer
0
270
Agentic Design Patterns
Avatar for Guillaume Laforge glaforge
0
230
Oracle Cloud Infrastructure:2026年5月度サービス・アップデート
Avatar for oracle4engineer oracle4engineer
PRO
1
180
layerx-fde-practices
Avatar for cipepser cipepser
6
2.8k
A Harness for Behaviour: how to get AI to generate code that does what we intend, or "TDD in the age of AI"
Avatar for Matteo Vaccari xpmatteo
0
470
【禁断】Obsidianの第二の脳に「知の巨人」と呼ばれた師匠の脳をロードしてみた
Avatar for 長津孝輔 nagatsu
0
6.9k
Node.js+TypeScriptにおけるCJS/ESM相互運用の最新ポイント
Avatar for Naoki Kiryu grainrigi
2
130
「使われるデータ基盤」を目指してデータアナリストとワークショップをやった話
Avatar for jackojacko_ jackojacko_
2
900
Generative UI × A2UI で AI エージェントを作った話 AI-DLC も使ってみた!
Avatar for たけのこ kmiya84377
1
250
インフラが苦手でも大丈夫! 紙芝居 Kubernetes -WWGT 10周年編-
Avatar for Aoi Takahashi aoi1
1
260
Claude Codeですべての日常業務を爆速化しよう!
Avatar for みのるん minorun365
PRO
16
14k
checker.tsにチキンレースを仕掛けてみた:型エラー(TS2589)が発生する境界線を求めて
Avatar for Hal hal_spidernight
1
210

Featured

See All Featured
Everyday Curiosity
Avatar for Cassini Nazir cassininazir
0
210
Become a Pro
Avatar for Speaker Deck speakerdeck
PRO
31
5.9k
How to audit for AI Accessibility on your Front & Back End
Avatar for davetheseo davetheseo
0
380
Design in an AI World
Avatar for tapps tapps
1
220
Building Better People: How to give real-time feedback that sticks.
Avatar for Will Jessup wjessup
370
20k
Taking LLMs out of the black box: A practical guide to human-in-the-loop distillation
Avatar for Ines Montani inesmontani
PRO
3
2.2k
Conquering PDFs: document understanding beyond plain text
Avatar for Ines Montani inesmontani
PRO
4
2.7k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
333
22k
SEO for Brand Visibility & Recognition
Avatar for Aleyda Solis aleyda
0
4.6k
A Guide to Academic Writing Using Generative AI - A Workshop
Avatar for Kenji Saito ks91
PRO
1
310
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
Avatar for Addy Osmani addyosmani
10
1.2k
Improving Core Web Vitals using Speculation Rules API
Avatar for Sergey Chernyshev sergeychernyshev
21
1.5k

Transcript

  1. 0wn1ng The Web

  2. Why do We Care?

  3. Reconnaissance

  4. None
  5. None

  6. Vulnerability Scanning

  7. Vulnerability Scanning NMAP

  8. Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key

    Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner

  9. Vulnerability Scanning

  10. Vulnerability Scanning

  11. Vulnerability Scanning

  12. Vulnerability Searching https://github.com/offensive-security/exploit-database

  13. Vulnerability Searching https://www.exploit-db.com/

  14. None

  15. Vulnerability Searching

  16. Vulnerability Searching

  17. Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search

  18. Exploitation

  19. Exploitation

  20. Exploitation

  21. Exploitation

  22. Veil - Framework Exploitation

  23. Exploitation

  24. Why These Tools?

  25. Demo 1

  26. Countermeasures

  27. Countermeasures Fix XSS vulns

  28. -

  29. Demo 2

  30. Countermeasures

  31. Countermeasures Understanding of Social Engineering

  32. None
  33. None

  34. Demo 3

  35. Countermeasures

  36. Countermeasures Spoofing

  37. None

  38. Exploitation Hooked Browsers... What now?

  39. None
  40. None

  41. Demo 4

  42. Demo 5

  43. Countermeasures

  44. Countermeasures • Long Complex Passwords • Disabling LM Hashing •

    Using SysKey • Eval Physical Access

  45. Documenting / Reporting

  46. None

  47. Following images are used under the Creative Commons: [1], [2]