0wn1ng The Web at www.wdcnz.com

September 08, 2015

1.9k

0wn1ng The Web at www.wdcnz.com

Kim Carter

September 08, 2015

Tweet

More Decks by Kim Carter

See All by Kim Carter

Application Intrusion Detection

0

530

owaspnz-chch-meetup-2021-workshop-planning-and-covid

0

570

Security Regression Testing on OWASP Zap Node API

1

10k

Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha

0

1.4k

OWASP Quiz Night

2

1.3k

The Art of Exploitation

2

1.2k

Developing a High Performance Security Focussed Agile Team (2 hr workshop)

1

820

OWASP NZ Day 2016

0

200

Infectious Media with Rubber Ducky

1

610

Other Decks in Technology

See All in Technology

AI駆動PjMの理想像と現在地 -実践例を添えて-

masahiro_okamura

1

110

Amazon Bedrock Knowledge Basesチャンキング解説！

0

130

We Built for Predictability; The Workloads Didn’t Care

0

140

Contract One Engineering Unit 紹介資料

PRO

0

13k

usermode linux without MMU - fosdem2026 kernel devroom

0

230

SREが向き合う大規模リアーキテクチャ〜信頼性とアジリティの両立〜

0

440

GitLab Duo Agent Platform × AGENTS.md で実現するSpec-Driven Development / GitLab Duo Agent Platform × AGENTS.md

0

130

10Xにおける品質保証活動の全体像と改善 #no_more_wait_for_test

PRO

2

230

プロポーザルに込める段取り八分

1

220

レガシー共有バッチ基盤への挑戦 - SREドリブンなリアーキテクチャリングの取り組み

0

210

Frontier Agents (Kiro autonomous agent / AWS Security Agent / AWS DevOps Agent) の紹介

3

170

SREチームをどう作り、どう育てるか ― Findy横断SREのマネジメント

0

190

Featured

See All Featured

Building the Perfect Custom Keyboard

2

680

The agentic SEO stack - context over prompts

0

630

More Than Pixels: Becoming A User Experience Designer

3

320

Lightning Talk: Beautiful Slides for Beginners

PRO

1

440

世界の人気アプリ100個を分析して見えたペイウォール設計の心得

PRO

66

36k

<Decoding/> the Language of Devs - We Love SEO 2024

1

130

The Power of CSS Pseudo Elements

80

6.2k

Writing Fast Ruby

630

62k

Bootstrapping a Software Product

PRO

307

120k

Lightning talk: Run Django tests with GitHub Actions

0

110

Understanding Cognitive Biases in Performance Measurement

32

2.8k

Statistics for Hackers

799

230k

Transcript

0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]