0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Gaining Access through Default Maintenance Accounts
By: Mohamed Abdellatif Jaber
October 31, 2017

Maintenance Accounts (English Version) Here is a mistake where many server owners and site admins leave their maintenance accounts in the default mode. The hacker can guess account credentials in a simple way.For example:If we target (router) we will extract (IP), we will use any Rang IP extraction program. For example, IP Range - Angry IP. After we extract many ...

"Phreaky" Hacks You Should Know
By: Lawrence King
October 31, 2017

                Hackers can be extremely creative at getting around various types of security, but there may be some ways that are so far out there and crazy that many security professionals have not even heard of them. Some of these hacks are pure genius and they show us how someone with enough determination can get through nearly any type of ...

Love Linux? You're Not Alone
By: ginasilvertree
October 30, 2017

If you love Linux, you're not alone! Your fellow Cybrarians are enjoying lots of cool Linux training, tools, posted content, etc. The links below include training and supplemental study tools.Plus, here are a few interesting thoughts on Linux from Linux.com : "From smartphones to cars, supercomputers and home appliances, the Linux operating system is everywhere. It’s been around ...

UNM4SK3D: Bad Rabbit, Iot Reaper, and Kaspersky
By: Olivia
October 27, 2017

#ransomware Bad Rabbit ransomware, which involves the downloaded file named 'installflashplayer.exe,' has   hit approximately 200 businesses in multiple countries including the US, Russia, Ukraine, Germany and Turkey.  According to researchers as Kaspersky, the outbreak is spreading from drive-by download attacks via legitimate news sites where the host sites are infected with a ...

OSINT with SHODAN
By: Sean Mancini
October 24, 2017

You may have heard the term OSINT(“Open Source Intelligence”). The basics are that you can use public sources to get information about a target during your recon. There are many tools that are available to perform this task such as Google, Maltego, SHODAN etc, one of the tools that really puts a perspective not only on what can be ...

Insider Threats are the Greatest Risk to your Data
By: superv3k900
October 23, 2017

Most companies have already hunkered down to prevent hackers from stealing proprietary data. Their security teams have almost certainly installed powerful firewalls. Some companies may have acquired robust security systems to protect themselves against ransomware, the malicious code that cybercriminals use to encrypt your data and hold it hostage until you pay a hefty ransom.The trouble is, there’s ...

Three Mistakes in Responding to Security Incidents, and What To Do Instead
By: superv3k900
October 22, 2017

It's all about time; responding promptly to the threat of any cyber incident is the most important part of any response. However, according to a recent white paper  (PDF) from security consultant Derek A. Smith: "Effective Incident Response Through User Activity Monitoring", organizations continue to make the same three potentially costly mistakes that could be costing them ...

UNM4SK3D: WPA2, ATMs, and RSA Keys
By: Olivia
October 20, 2017

#krack Devastating news for avid Wi-Fi users was released over the weekend when Belgian researcher Mathy Vanhoef of The Katholieke Universiteit Leuven discovered a weakness with the WPA2 protocol used to secure all modern Wi-Fi networks.  The weakness, which can be exploited by someone within range of the victim’s local network using key re-installation ...

How To Be Security Conscious
By: james8
October 19, 2017

With the revelations of the Equifax hack and the fallout of bad security practices elsewhere, it is noteworthy to revisit the topic of what security means to people and organizations. How to think about security is not only essential everywhere but often needs reminding within organizations that take security too lightly. ...

External IP Address Search Using Python Source Code
By: Bmsr256
October 18, 2017

This time, I'm providing a Python source code tool designed to fetch your external IP address from the Internet. This is used mostly when you're behind a NAT. It picks your IP randomly from a server list to minimize request overhead on a single server.You need to import re and random libraries for this tool to perfectly ...