0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Security Plus - Compliance and Operational Security
By: ram
March 6, 2017

Compliance and Operational Security 2.1: Based on CompTIA’s list of Security+ exam objectives (their PDF list of domains is found here: https://certification.comptia.org/docs/default-source/exam-objectives/comptia-security-sy0-401.pdf), this article covers the second domain, Compliance and Operational Security 2.0, with its first sub-heading (2.1). ...

IPTables Firewall Rule Generator
By: Tamas Szucs
March 5, 2017

Operation of the firewall rule generator: The basis of the firewall rules is the logged traffic. Application of the firewall rule generator: Setting the traffic logging:
iptables -A INPUT -j LOG
iptables -A OUTPUT -j LOG
iptables -A FORWARD -j LOG
Start the required communications, and wait to accumulate ...

Dharma Ransomware Virus: The .wallet Extension
By: David Balaban
March 5, 2017

In late 2016, threat actors behind the CrySiS ransomware decided to give up their campaign for some reason. They made the master decryption keys public so that everybody infected could get their data back. It seemed at that point that the group of crooks gave up the nasty extortion business. However, this anticipation never materialized. ...

Flex-Learning: Exploring the growing world of online learning
By: Rachel Laura M
March 4, 2017

Not so long ago, when you wanted to pursue any kind of educational experience, you had to enroll in a course, pay your tuition and then commit to a specific time and place for a certain amount of time (e.g., a quarter, semester or academic year) to complete the experience. However, in today’s modern and technology-centered times, there are ...

UNM4SK3D: AWS, Cloudbleed, and CloudPets
By: Olivia
March 3, 2017

#outage The annoyance when your Internet won't load is quite possibly the most irritating feeling of the 21st century. So when the Amazon S3 outage occurred on Tuesday, February 28th for almost 5 hours, both consumers and businesses alike were in quite a mood. S3, or Simple Storage Service, provides hosting ...

Hacker Types: From Black to White and Everything In-between
By: Aayog Koirala
March 3, 2017

A hacker is a person having an intimate understanding of the internal workings of a system, computers and computer networks in particular. They are the ones often characterized as malicious, criminals or cyber terrorists, but those are black hat hackers (bad hackers). Due to the mass media usage of the word, every hacker is often looked at as a cyber criminal. There are ...

Preventing Authentication Bypass with SessionID
By: sranjanbehera
March 3, 2017

What is SessionID? SessionID is a unique ID for checking the authentication of a logged-on user. Based on the SessionID, the server responds to a browser. Session hijacking involves accessing the random SessionID based on user input. This SessionID is used for both Web and mobile applications. Authentication Bypass places a major stack in ...

Alexa, Call Jeff Bezos
By: rcubed
March 2, 2017

Last Tuesday (2/28/2017) Amazon’s AWS S3 web service was intermittently unavailable. S3 (Simple Storage Service) is one of the many web services hosted on the Amazon Web Services platform, AWS. It’s also the most used service hosting everything from the image files used by websites both small and humongous, to database files powering some pretty large e-commerce ...

Why CISA is Inevitable for Today's Audit Professionals
By: Hemang Doshi
March 2, 2017

What is CISA? The Certified Information Systems Auditor (CISA) is a certification issued by the Information Systems Audit and Control Association (ISACA). Certified Information Systems Auditor (CISA) is a globally recognized certification in the field of audit, control, and ...

Importance of Planning, Management and Testing
By: Abhishek Bagewadi
March 2, 2017

The Importance of Planning, Management, and Testing for Successful Delivery of the Project
1) Planning
2) Resource Management
3) Motivation
4) Test Process management ...