0wn1ng The Web at www.wdcnz.com

September 08, 2015

1.8k

0wn1ng The Web at www.wdcnz.com

Kim Carter

September 08, 2015

Tweet

More Decks by Kim Carter

See All by Kim Carter

Application Intrusion Detection

0

490

owaspnz-chch-meetup-2021-workshop-planning-and-covid

0

540

Security Regression Testing on OWASP Zap Node API

1

9.9k

Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha

0

1.3k

OWASP Quiz Night

2

1.2k

The Art of Exploitation

2

1.1k

Developing a High Performance Security Focussed Agile Team (2 hr workshop)

1

790

OWASP NZ Day 2016

0

190

Infectious Media with Rubber Ducky

1

570

Other Decks in Technology

See All in Technology

Amazon GuardDuty での脅威検出：脅威検出の実例から学ぶ

0

130

AIに頼りすぎない新人育成術

3

330

Exadata Database Service on Dedicated Infrastructure セキュリティ、ネットワーク、および管理について

oracle4engineer

PRO

1

320

プロダクトエンジニアリングで開発の楽しさを拡張する話

0

210

[OCI Technical Deep Dive] OCIで生成AIを活用するためのソリューション解説(2025年8月5日開催)

oracle4engineer

PRO

0

120

Engineering Failure-Resilient Systems

0

130

形式手法特論：位相空間としての並行プログラミング #kernelvm / Kernel VM Study Tokyo 18th

3

1.5k

プロジェクトマネジメントは不確実性との対話だ

hisashiwatanabe

0

130

UDDのススメ - 拡張版 -

maguroalternative

1

610

Amazon Q Developerを活用したアーキテクチャのリファクタリング

2

220

リモートワークで心掛けていること〜AI活用編〜

0

190

AIエージェントを現場で使う / 2025.08.07 著者陣に聞く！現場で活用するためのAIエージェント実践入門（Findyランチセッション）

7

1.3k

Featured

See All Featured

The Cult of Friendly URLs

79

6.5k

Product Roadmaps are Hard

PRO

54

11k

Making the Leap to Tech Lead

134

9.5k

XXLCSS - How to scale CSS and keep your sanity

248

1.3M

GitHub's CSS Performance

1031

460k

30

1.2k

[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails

36

2.5k

Design and Strategy: How to Deal with People Who Don’t "Get" Design

131

19k

Documentation Writing (for coders)

73

5k

Navigating Team Friction

188

15k

The Success of Rails: Ensuring Growth for the Next 100 Years

46

7.6k

jQuery: Nuts, Bolts and Bling

64

7.8k

Transcript

0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]