0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

NoSQLMap
By: bachan
February 3, 2017

Estimated reading time: 6 minutes Hello, Cybrarians!All of you should be familiar with SQL injection, but today databases are not simply following the tradition of relational databases. Today, many firms are using NoSQL database platforms like MongoDB and Cassandra. So, for hacking those databases, SQLMap is not the option you need or want.NoSQLMap is an open source tool ...

Whatever happened to software that would write itself?
By: rcubed
February 2, 2017

Age does have some benefits, though they are sometimes hard to appreciate among the aches and pains and general tendency for complaining about…well, getting older. In some respects, I was fortunate to begin my career in technology in 1980 just when things were getting interesting for that field. It would be more than a decade later before ...

Intro to OSSEC
By: Meta
February 2, 2017

Estimated reading time: 6 minutes Intro to OSSEC HIDS OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection and real-time alerting and active response. When tied together with something like Snorby, Sguil, ELSA or Alienvault, this can be a very powerful tool ...

Antivirus Evading Payloads: An Introduction to Veil-Evasion
By: gazzwalker
February 2, 2017

Estimated reading time: 2 minutes Hi All, The following article is intended as a brief introduction to the Veil-Evasion tool. This is part of the Veil-Framework  was created by Chris Truncer . The Evasion tool is used to generate a range of different payloads ...

Cryptography Part 1: A Quick Summary
By: bytezealot
February 1, 2017

Estimated reading time: 4 minutes Cryptography Part 1: A Quick Summary TOC: Cryptography in History Services Cryptography can Provide Confidentiality Symmetric Cryptography Asymmetric Cryptography ...

Super Fast Encryption (Linear Feedback Shift Register Sequences)
By: ProgrammerE
February 1, 2017

Estimated reading time: 2.5 minutes Use of cryptographic algorithms like Triple DES, AES, and Twofish is good for applications where you need high security and you can afford a slight delay. Credit card purchases, file transfers, and turn based games are good candidates for these kinds of algorithms. Real-time games, market data, and distributed computing needs ...

All The News Fit or Unfit to Print
By: rcubed
January 31, 2017

This is the fifth and final post in the series on “ How to be an Educated Consumer of Online Information .” I can hear you cheering now. I realize that this series may have seemed like I’ve veered off on a tangent. After all, what does any of this have to do with IT and cybersecurity? ...

TCP Reverse Shell Using Python
By: r00t_privilege
January 31, 2017

Estimated reading time: 1 minute This article is about creating a reverse shell session over TCP using Python Sockets. Let me explain what happens in a general sense.First, the server binds its IP address and a PORT to a socket [note that I implemented a fixed solution for other people whose routers change IPs whenever they ...

Beware of Internal Security Threats
By: Lawrence King
January 31, 2017

Estimated reading time: 4 minutes Are there any employees who work in their own little bubble in your organization where nobody else is aware of what they do, where they keep files or important documents? How much data do they have access to? Does anybody audit their access to the network, bank accounts or inventory? ...

Winter Phishing: Gmail Scams
By: Rachel Laura M
January 30, 2017

Scams! Some hackers are good at them. Hackers who create phishing schemes often create documents that are realistic and convincing enough to look legitimate; causing even some of the most technologically savvy users to fall for them. That is a "good" scam.Netflix was recently the target of such a scam. Unsuspecting users were sent a link via e-mail which ...