Upgrade to Pro — share decks privately, control downloads, hide ads and more …

0wn1ng The Web at www.wdcnz.com

Avatar for Kim Carter Kim Carter
September 08, 2015
Technology
2
1.8k

0wn1ng The Web at www.wdcnz.com

Avatar for Kim Carter

Kim Carter

September 08, 2015
Tweet

More Decks by Kim Carter

See All by Kim Carter
Application Intrusion Detection
Avatar for Kim Carter binarymist
0
480
owaspnz-chch-meetup-2021-workshop-planning-and-covid
Avatar for Kim Carter binarymist
0
530
Security Regression Testing on OWASP Zap Node API
Avatar for Kim Carter binarymist
1
9.8k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
Avatar for Kim Carter binarymist
0
1.3k
OWASP Quiz Night
Avatar for Kim Carter binarymist
2
1.2k
The Art of Exploitation
Avatar for Kim Carter binarymist
2
1.1k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
Avatar for Kim Carter binarymist
1
780
OWASP NZ Day 2016
Avatar for Kim Carter binarymist
0
180
Infectious Media with Rubber Ducky
Avatar for Kim Carter binarymist
1
570

Other Decks in Technology

See All in Technology
AWS Organizations 新機能!マルチパーティ承認の紹介
Avatar for yhana yhana
1
200
LangChain Interrupt & LangChain Ambassadors meetingレポート
Avatar for os1ma os1ma
2
170
SpringBoot x TestContainerで実現するポータブル自動結合テスト
Avatar for 株式会社出前館 demaecan
0
110
2025-06-26 GitHub CopilotとAI駆動開発:実践と導入のリアル
Avatar for 河内崇 fl_kawachi
1
190
5min GuardDuty Extended Threat Detection EKS
Avatar for takakuni takakuni
0
160
20250625 Snowflake Summit 2025活用事例 レポート / Nowcast Snowflake Summit 2025 Case Study Report
Avatar for K.Osawa kkuv
1
340
Geminiとv0による高速プロトタイピング
Avatar for Shinya Masadome(東京AI祭) shinya337
0
160
Delegating the chores of authenticating users to Keycloak
Avatar for Alexander Schwartz ahus1
0
130
TechLION vol.41~MySQLユーザ会のほうから来ました / techlion41_mysql
Avatar for sakaik sakaik
0
200
Tech-Verse 2025 Global CTO Session
Avatar for LINEヤフーTech (LY Corporation Tech) lycorptech_jp
PRO
0
960
製造業からパッケージ製品まで、あらゆる領域をカバー!生成AIを利用したテストシナリオ生成 / 20250627 Suguru Ishii
Avatar for SHIFT EVOLVE shift_evolve
PRO
1
150
A2Aのクライアントを自作する
Avatar for Ryunosuke Iwai rynsuke
1
220

Featured

See All Featured
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
Avatar for panda_program panda_program
107
19k
Fight the Zombie Pattern Library - RWD Summit 2016
Avatar for Marcelo Somers marcelosomers
233
17k
Fireside Chat
Avatar for paigeccino paigeccino
37
3.5k
Learning to Love Humans: Emotional Interface Design
Avatar for Aarron Walter aarron
273
40k
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1370
200k
YesSQL, Process and Tooling at Scale
Avatar for Rocio Delgado rocio
173
14k
Distributed Sagas: A Protocol for Coordinating Microservices
Avatar for Caitie McCaffrey caitiem20
331
22k
Practical Tips for Bootstrapping Information Extraction Pipelines
Avatar for Matthew Honnibal honnibal
PRO
20
1.3k
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
277
23k
A Modern Web Designer's Workflow
Avatar for Chris Coyier chriscoyier
694
190k
How GitHub (no longer) Works
Avatar for Zach Holman holman
314
140k
Music & Morning Musume
Avatar for Bryan Veloso bryan
46
6.6k

Transcript

  1. 0wn1ng The Web

  2. Why do We Care?

  3. Reconnaissance

  4. None
  5. None

  6. Vulnerability Scanning

  7. Vulnerability Scanning NMAP

  8. Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key

    Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner

  9. Vulnerability Scanning

  10. Vulnerability Scanning

  11. Vulnerability Scanning

  12. Vulnerability Searching https://github.com/offensive-security/exploit-database

  13. Vulnerability Searching https://www.exploit-db.com/

  14. None

  15. Vulnerability Searching

  16. Vulnerability Searching

  17. Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search

  18. Exploitation

  19. Exploitation

  20. Exploitation

  21. Exploitation

  22. Veil - Framework Exploitation

  23. Exploitation

  24. Why These Tools?

  25. Demo 1

  26. Countermeasures

  27. Countermeasures Fix XSS vulns

  28. -

  29. Demo 2

  30. Countermeasures

  31. Countermeasures Understanding of Social Engineering

  32. None
  33. None

  34. Demo 3

  35. Countermeasures

  36. Countermeasures Spoofing

  37. None

  38. Exploitation Hooked Browsers... What now?

  39. None
  40. None

  41. Demo 4

  42. Demo 5

  43. Countermeasures

  44. Countermeasures • Long Complex Passwords • Disabling LM Hashing •

    Using SysKey • Eval Physical Access

  45. Documenting / Reporting

  46. None

  47. Following images are used under the Creative Commons: [1], [2]