Upgrade to Pro — share decks privately, control downloads, hide ads and more …

0wn1ng The Web at www.wdcnz.com

Kim Carter
September 08, 2015
Technology
2
1.7k

0wn1ng The Web at www.wdcnz.com

Kim Carter

September 08, 2015
Tweet

More Decks by Kim Carter

See All by Kim Carter
Application Intrusion Detection
binarymist
0
420
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
470
Security Regression Testing on OWASP Zap Node API
binarymist
1
9.5k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.2k
OWASP Quiz Night
binarymist
2
1.1k
The Art of Exploitation
binarymist
2
1.1k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
740
OWASP NZ Day 2016
binarymist
0
150
Infectious Media with Rubber Ducky
binarymist
1
500

Other Decks in Technology

See All in Technology
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.2k
AWS Media Services 最新サービスアップデート 2024
eijikominami
0
200
VideoMamba: State Space Model for Efficient Video Understanding
chou500
0
190
初心者向けAWS Securityの勉強会mini Security-JAWSを9ヶ月ぐらい実施してきての近況
cmusudakeisuke
0
130
『Firebase Dynamic Links終了に備える』 FlutterアプリでのAdjust導入とDeeplink最適化
techiro
0
130
AGIについてChatGPTに聞いてみた
blueb
0
130
Platform Engineering for Software Developers and Architects
syntasso
1
520
AWS Lambdaと歩んだ“サーバーレス”と今後 #lambda_10years
yoshidashingo
1
180
TypeScriptの次なる大進化なるか!? 条件型を返り値とする関数の型推論
uhyo
2
1.7k
Lambdaと地方とコミュニティ
miu_crescent
2
370
個人でもIAM Identity Centerを使おう!(アクセス管理編)
ryder472
4
230
DynamoDB でスロットリングが発生したとき/when_throttling_occurs_in_dynamodb_short
emiki
0
260

Featured

See All Featured
GitHub's CSS Performance
jonrohan
1030
460k
Site-Speed That Sticks
csswizardry
0
28
Reflections from 52 weeks, 52 projects
jeffersonlam
346
20k
The Cult of Friendly URLs
andyhume
78
6k
Designing for Performance
lara
604
68k
How to train your dragon (web standard)
notwaldorf
88
5.7k
A better future with KSS
kneath
238
17k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
28
8.2k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
47
2.1k
Writing Fast Ruby
sferik
627
61k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
38
1.8k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k

Transcript

  1. 0wn1ng The Web

  2. Why do We Care?

  3. Reconnaissance

  4. None
  5. None

  6. Vulnerability Scanning

  7. Vulnerability Scanning NMAP

  8. Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key

    Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner

  9. Vulnerability Scanning

  10. Vulnerability Scanning

  11. Vulnerability Scanning

  12. Vulnerability Searching https://github.com/offensive-security/exploit-database

  13. Vulnerability Searching https://www.exploit-db.com/

  14. None

  15. Vulnerability Searching

  16. Vulnerability Searching

  17. Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search

  18. Exploitation

  19. Exploitation

  20. Exploitation

  21. Exploitation

  22. Veil - Framework Exploitation

  23. Exploitation

  24. Why These Tools?

  25. Demo 1

  26. Countermeasures

  27. Countermeasures Fix XSS vulns

  28. -

  29. Demo 2

  30. Countermeasures

  31. Countermeasures Understanding of Social Engineering

  32. None
  33. None

  34. Demo 3

  35. Countermeasures

  36. Countermeasures Spoofing

  37. None

  38. Exploitation Hooked Browsers... What now?

  39. None
  40. None

  41. Demo 4

  42. Demo 5

  43. Countermeasures

  44. Countermeasures • Long Complex Passwords • Disabling LM Hashing •

    Using SysKey • Eval Physical Access

  45. Documenting / Reporting

  46. None

  47. Following images are used under the Creative Commons: [1], [2]