Upgrade to Pro — share decks privately, control downloads, hide ads and more …

0wn1ng The Web at www.wdcnz.com

Kim Carter
September 08, 2015
Technology
2
1.8k

0wn1ng The Web at www.wdcnz.com

Kim Carter

September 08, 2015
Tweet

More Decks by Kim Carter

See All by Kim Carter
Application Intrusion Detection
binarymist
0
460
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
510
Security Regression Testing on OWASP Zap Node API
binarymist
1
9.7k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.3k
OWASP Quiz Night
binarymist
2
1.2k
The Art of Exploitation
binarymist
2
1.1k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
770
OWASP NZ Day 2016
binarymist
0
170
Infectious Media with Rubber Ducky
binarymist
1
550

Other Decks in Technology

See All in Technology
LangChainとLangGiraphによるRAG・AIエージェント実践入門「10章 要件定義書生成Alエージェントの開発」輪読会スライド
takaakiinada
0
130
いつも初心者向けの記事に助けられているので得意分野では初心者向けの記事を書きます
toru_kubota
2
270
近年の PyCon 情勢から見た PyCon APAC のまとめ
terapyon
0
290
ソフトウェア開発現代史: "LeanとDevOpsの科学"の「科学」とは何か? - DORA Report 10年の変遷を追って - #DevOpsDaysTokyo
takabow
0
200
Langchain4j y Ollama - Integrando LLMs con programas Java @ Commit Conf 2025
deors
1
130
大規模サービスにおける カスケード障害
takumiogawa
3
800
AI AgentOps LT大会(2025/04/16) Algomatic伊藤発表資料
kosukeito
0
120
Tokyo dbt Meetup #13 dbtと連携するBI製品&機能ざっくり紹介
sagara
0
430
テキスト解析で見る PyCon APAC 2025 セッション&スピーカートレンド分析
negi111111
0
280
AWSのマルチアカウント管理 ベストプラクティス最新版 2025 / Multi-Account management on AWS best practice 2025
ohmura
4
200
Micro Frontends: Necessity, Implementation, and Challenges
rainerhahnekamp
2
350
フロントエンドも盛り上げたい!フロントエンドCBとAmplifyの軌跡
mkdev10
2
240

Featured

See All Featured
Automating Front-end Workflow
addyosmani
1369
200k
How GitHub (no longer) Works
holman
314
140k
Designing Experiences People Love
moore
141
24k
Six Lessons from altMBA
skipperchong
27
3.7k
The Pragmatic Product Professional
lauravandoore
33
6.5k
Optimising Largest Contentful Paint
csswizardry
36
3.2k
Faster Mobile Websites
deanohume
306
31k
A Modern Web Designer's Workflow
chriscoyier
693
190k
Writing Fast Ruby
sferik
628
61k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.6k
Rebuilding a faster, lazier Slack
samanthasiow
80
8.9k
Git: the NoSQL Database
bkeepers
PRO
430
65k

Transcript

  1. 0wn1ng The Web

  2. Why do We Care?

  3. Reconnaissance

  4. None
  5. None

  6. Vulnerability Scanning

  7. Vulnerability Scanning NMAP

  8. Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key

    Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner

  9. Vulnerability Scanning

  10. Vulnerability Scanning

  11. Vulnerability Scanning

  12. Vulnerability Searching https://github.com/offensive-security/exploit-database

  13. Vulnerability Searching https://www.exploit-db.com/

  14. None

  15. Vulnerability Searching

  16. Vulnerability Searching

  17. Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search

  18. Exploitation

  19. Exploitation

  20. Exploitation

  21. Exploitation

  22. Veil - Framework Exploitation

  23. Exploitation

  24. Why These Tools?

  25. Demo 1

  26. Countermeasures

  27. Countermeasures Fix XSS vulns

  28. -

  29. Demo 2

  30. Countermeasures

  31. Countermeasures Understanding of Social Engineering

  32. None
  33. None

  34. Demo 3

  35. Countermeasures

  36. Countermeasures Spoofing

  37. None

  38. Exploitation Hooked Browsers... What now?

  39. None
  40. None

  41. Demo 4

  42. Demo 5

  43. Countermeasures

  44. Countermeasures • Long Complex Passwords • Disabling LM Hashing •

    Using SysKey • Eval Physical Access

  45. Documenting / Reporting

  46. None

  47. Following images are used under the Creative Commons: [1], [2]