0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Firewall Detection with WafW00f
By: Priyank Gada
May 12, 2017

WAFW00F is a Python tool to help you fingerprint and identify Web Application Firewall (WAF) products. It is an active reconnaissance tool as it actually connects to the web server, but it starts out with a normal HTTP response and escalates as necessary.You can override or include your own headers, it has SOCKS and HTTP proxy support and detects a ...

What is Penetration Testing to You?
By: jmcedric
May 12, 2017

My friend asked me "What is Penetration Testing?"I stumbled upon this question myself trying to figure out what the true meaning of "Pen Testing" is. I am doing it every day, like my daily routine, but that's it. Without thinking, I said to my friend, "pen testing is a process of someone who looks for security holes and reports them ...

UNM4SK3D: France, Android, and FIN7
By: Olivia
May 12, 2017

#hacked Hear no evil. See no evil. Speak no evil. Over the weekend, France ignored the 'massive' pre-election hacking attack on Emmanuel Macron’s campaign and elected him the new President over far-right candidate Marine Le Pen. Hackers leaked nine gigabytes of emails two days before the French Presidential Election, which everyone across the world ...

How to Use DNS Analysis Tools in Kali Linux
By: Priyank Gada
May 11, 2017

What's inside this video? I'll unpack it for you. In this video, we will learn how to use all DNS analysis tools present in Kali Linux. I am going to use Kali Linux 2016. You can use any version that you have. We will slowly learn all the tools present in Kali Linux. DNSRecon Help URL:  https://tools.kali.org/information-gathering/dnsrecon ...

Intro to the USB Rubber Ducky
By: D'Angelo Gonzalez
May 11, 2017

I've made a video on the USB Rubber Ducky by Hak5 which can be found at the bottom of this article. But, I will also go into some depth in writing here. So what exactly is the USB Rubber Ducky? In short, the USB Rubber ducky is not actually a USB in the traditional sense. It is ...

Which is best? 2.4 or 5GHz
By: bachan
May 10, 2017

Hello, Cybrarians!I've been asked many times which wireless signal frequency is better, 2.4 GHz or 5 GHz?If you want a deeper understanding you can look it up online or visit quora.com which is my favorite site because it helps me a lot.So, both are suitable for their work. Both are suitable frequency options, but which you use depends on ...

Hacking and Hackers Explained
By: BEAST GLATISANT
May 10, 2017

Greetings Citizens of the World. Let me first introduce you myself. I'm The Geeq . Many of you might know my name but still, for many I'm anonymous. I'm here to tell you about Hacking: Hacktivism, Black Hat Hackers, Crackers, and more. Sounds Pretty awesome right? But wait, let me say that many of you would say that ...

iOS App Penetration Testing: Cracking SSH Passwords with Hydra
By: Lalitha
May 9, 2017

Hello Guys. This is my first video on Cybrary. It deals with cracking SSH Passwords with Hydra. Yes, I know the video is old (from 2014), but the info is still relevant. If you have any questions, please comment below and I'll answer as soon as possible. Transcript: 0:00 ...

Ultimate USB Rubber Ducky Recon Script
By: D'Angelo Gonzalez
May 9, 2017

This script does a lot but has some impactful key features that are worth reviewing. The Rubber Ducky Recon Script displays the current WiFi Connections credentials by exploiting the [ ]  character in Command Prompt, which acts as "everything". So in this script, we are using the    in  netsh wlan show ...

Use XSSer Automated Framework to Detect, Exploit and Report XSS Vulnerabilities
By: gurubaran
May 9, 2017

XSS is a very commonly exploited vulnerability type which is   very widely spread   and   easily detectable . An  attacker can inject untrusted snippets of JavaScript into your application without validation. This JavaScript is then executed by the victim who is visiting the target site. Cross Site “Scripter” (aka XSSer) ...