0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

InfoSec Cheat Sheets
By: RachidOubaoug
November 5, 2017

Reverse Engineering: https://www.cybrary.it/wp-content/uploads/2017/11/cheat-sheet-reverse-v6.png Linux commands: https://linoxide.com/images/linux-cheat-sheet-612x792.png Penetration Testing: https://highon.coffee/blog/cheat-sheet/ SQL Injection: http://pentestmonkey.net/category/cheat-sheet/sql-injection NMAP: Professor Messer+s Quick Reference Guide to NMAP Hacker Target: Nmap Cheat Sheet XSS: ...

UNM4SK3D: Pwn2Own, FireEye, and Google
By: Olivia
November 3, 2017

#zeroday Participants in the Mobile Pwn2Own 2017 competition recently produced exploits for exploits for the iPhone 7, Samsung Galaxy S8, and other mobile devices. Nothing like a little friendly competition, right?   For those unfamiliar, this competition is a two-day event hosted by Trend Micro's Zero Day Initiative (ZDI) and promotes the disclosure of vulnerabilities during ...

Identifying Security Risks with Security.txt
By: Mike Ship
November 2, 2017

While listening to a recent episode of Security Now , Steve Gibson discussed that help is on the way for securing websites and services. I have not seen much mention of it anywhere else but I feel that it is definitely something worth noting.When it comes to identifying security risks in websites and services a major problem in the ...

What Experts Are Saying About Shadow Brokers
By: Aman2406
October 31, 2017

As we have all heard, there is a group calling themselves The Shadow Broker.  They hacked into the NSA's (National Security Agency) server and stole a disk full of secrets last summer. This stunt pulled by shadow brokers publicly mocked the NSA for their vulnerable security and lack of information gathering skills. Despite this, they also ...

Gaining Access through Default Maintenance Accounts
By: Mohamed Abdellatif Jaber
October 31, 2017

Maintenance Accounts (English Version) Here is a mistake where many server owners and site admins leave their maintenance accounts in the default mode. The hacker can guess account credentials in a simple way.For example:If we target (router) we will extract (IP), we will use any Rang IP extraction program. For example, IP Range - Angry IP. After we extract many ...

"Phreaky" Hacks You Should Know
By: Lawrence King
October 31, 2017

                Hackers can be extremely creative at getting around various types of security, but there may be some ways that are so far out there and crazy that many security professionals have not even heard of them. Some of these hacks are pure genius and they show us how someone with enough determination can get through nearly any type of ...

Love Linux? You're Not Alone
By: ginasilvertree
October 30, 2017

If you love Linux, you're not alone! Your fellow Cybrarians are enjoying lots of cool Linux training, tools, posted content, etc. The links below include training and supplemental study tools.Plus, here are a few interesting thoughts on Linux from Linux.com : "From smartphones to cars, supercomputers and home appliances, the Linux operating system is everywhere. It’s been around ...

UNM4SK3D: Bad Rabbit, Iot Reaper, and Kaspersky
By: Olivia
October 27, 2017

#ransomware Bad Rabbit ransomware, which involves the downloaded file named 'installflashplayer.exe,' has   hit approximately 200 businesses in multiple countries including the US, Russia, Ukraine, Germany and Turkey.  According to researchers as Kaspersky, the outbreak is spreading from drive-by download attacks via legitimate news sites where the host sites are infected with a ...

OSINT with SHODAN
By: Sean Mancini
October 24, 2017

You may have heard the term OSINT(“Open Source Intelligence”). The basics are that you can use public sources to get information about a target during your recon. There are many tools that are available to perform this task such as Google, Maltego, SHODAN etc, one of the tools that really puts a perspective not only on what can be ...

Insider Threats are the Greatest Risk to your Data
By: superv3k900
October 23, 2017

Most companies have already hunkered down to prevent hackers from stealing proprietary data. Their security teams have almost certainly installed powerful firewalls. Some companies may have acquired robust security systems to protect themselves against ransomware, the malicious code that cybercriminals use to encrypt your data and hold it hostage until you pay a hefty ransom.The trouble is, there’s ...