Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
0wn1ng The Web at www.wdcnz.com
Search
Kim Carter
September 08, 2015
Technology
2k
2
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
0wn1ng The Web at www.wdcnz.com
Kim Carter
September 08, 2015
More Decks by Kim Carter
See All by Kim Carter
Application Intrusion Detection
binarymist
0
570
owaspnz-chch-meetup-2021-workshop-planning-and-covid
binarymist
0
600
Security Regression Testing on OWASP Zap Node API
binarymist
1
10k
Building purpleteam (a Security Regression Testing SaaS) - From PoC to Alpha
binarymist
0
1.4k
OWASP Quiz Night
binarymist
2
1.3k
The Art of Exploitation
binarymist
2
1.2k
Developing a High Performance Security Focussed Agile Team (2 hr workshop)
binarymist
1
860
OWASP NZ Day 2016
binarymist
0
220
Infectious Media with Rubber Ducky
binarymist
1
640
Other Decks in Technology
See All in Technology
AI Agent SaaS を支える自社仮想化基盤への挑戦と実運用 / ai-agent-saas-virtualization
flatt_security
2
1.1k
テスト設計の本質を改めて考えてみる~生成AIを活用する時代だからこそ、作ったテストの説明性を高めよう~
yamasaki696
1
290
型は壁、Rustでもバグを直すな、表現できなくせよ
nwiizo
10
1.2k
Claude Codeとハーネスについて考えてみる
oikon48
17
8.3k
依頼文化をやめる日 EM視点で語るPlatform EngineeringとInclusive SRE / Discussing Platform Engineering and Inclusive SRE from an EM's Perspective
shin1988
3
2k
Hatena Engineer Seminar 37 jj1uzh
jj1uzh
0
430
Kotlin 開発のツラミを爆破した話! / Explode the difficulty of Kotlin dev!
eller86
0
150
10x Speed With QA Agent Platform - How we scaled adoption from individual effort to organizational capability
lycorptech_jp
PRO
0
130
インフラ寄りSREでも 開発に踏み出せる〜境界を越えてユーザー体験に向き合いたい〜
sansantech
PRO
0
510
なぜ私たちのSREプラクティスはなかなか機能しないのか 〜システムより先に組織を見る〜 / Why our SRE practices aren't really working
vtryo
0
700
5分でわかる Amazon Connect_20260608
hwangbyeonghun
0
180
GuardrailからGovernanceへ~AIエージェント運用の次の課題~
sbspsy
1
130
Featured
See All Featured
The MySQL Ecosystem @ GitHub 2015
samlambert
251
13k
Hiding What from Whom? A Critical Review of the History of Programming languages for Music
tomoyanonymous
3
880
So, you think you're a good person
axbom
PRO
2
2.1k
Heart Work Chapter 1 - Part 1
lfama
PRO
8
36k
The Impact of AI in SEO - AI Overviews June 2024 Edition
aleyda
5
1.1k
Art, The Web, and Tiny UX
lynnandtonic
304
22k
A Tale of Four Properties
chriscoyier
163
24k
Stop Working from a Prison Cell
hatefulcrawdad
274
21k
The SEO Collaboration Effect
kristinabergwall1
1
500
AI: The stuff that nobody shows you
jnunemaker
PRO
8
770
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
28
3.5k
The Art of Programming - Codeland 2020
erikaheidi
57
14k
Transcript
0wn1ng The Web
Why do We Care?
Reconnaissance
None
None
Vulnerability Scanning
Vulnerability Scanning NMAP
Vulnerability Scanning scanner/ssh/ssh_enumusers SSH Username Enumeration scanner/ssh/ssh_identify_pubkeys SSH Public Key
Acceptance Scanner scanner/ssh/ssh_login SSH Login Check Scanner scanner/ssh/ssh_login_pubkey SSH Public Key Login Scanner scanner/ssh/ssh_version SSH Version Scanner
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Scanning
Vulnerability Searching https://github.com/offensive-security/exploit-database
Vulnerability Searching https://www.exploit-db.com/
None
Vulnerability Searching
Vulnerability Searching
Vulnerability Searching https://nodesecurity.io/advisories https://web.nvd.nist.gov/view/vuln/search
Exploitation
Exploitation
Exploitation
Exploitation
Veil - Framework Exploitation
Exploitation
Why These Tools?
Demo 1
Countermeasures
Countermeasures Fix XSS vulns
-
Demo 2
Countermeasures
Countermeasures Understanding of Social Engineering
None
None
Demo 3
Countermeasures
Countermeasures Spoofing
None
Exploitation Hooked Browsers... What now?
None
None
Demo 4
Demo 5
Countermeasures
Countermeasures • Long Complex Passwords • Disabling LM Hashing •
Using SysKey • Eval Physical Access
Documenting / Reporting
None
Following images are used under the Creative Commons: [1], [2]