0P3N Blog

Cybrary’s Open Blog is a user-contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Web Server Penetration Testing Checklist
April 1, 2017

Web server pen testing is performed under 3 major categories: identification, analysis, and reporting of vulnerabilities such as authentication weaknesses, configuration errors, and protocol-related vulnerabilities. "Conduct a series of methodical and repeatable tests" is the best way to test the web server, along with working through all of the different application vulnerabilities. ...

HTML Injection Introduction
By: Hari Charan
March 31, 2017

What is HTML injection? As you know, HTML is used to design web pages. Yes, you’re right. But what happens if a developer forgets to sanitize the user input? What happens if developers don’t predict when a hacker uses the application? Do you know what all could be done if this vulnerability exists? To inject, you don’t even need a toolkit. You may ...

UNM4SK3D: FCC, WhatsApp, and GiftGhost
By: Olivia
March 31, 2017

#privacyrules Ladies and gentlemen, start your VPNs. As of March 28th, the House of Representatives and the Senate agreed to repeal the FCC's recent privacy rules. And while those rules still need President Trump's likely signature, many are rushing to Google 'Private network how-tos,' with VPN subscriptions in the US surging by 239% ...

GOLISMERO Framework - The Web Knife
By: spiritedwolf
March 31, 2017

Hello everyone. Today, on behalf of Legion group, I would like to make a tutorial on GOLISMERO, The Web Knife. Actually, one of my friends told me that, "theharvester or golismero.py. Both of those tools are excellently written scripts ...

Overturning FCC Privacy Ruling: A Marketer’s Viewpoint
By: rcubed
March 30, 2017

The United States Senate voted last week to reverse broadband privacy rules put in place last October requiring ISPs to get consent from consumers before selling or sharing their Web browsing data and other private info with third parties. The vote was split decidedly along party lines with the deciding edge going to the Republican-controlled Senate. A similar result ...

Lateral Movement Part 1
By: Alfie
March 30, 2017

Scenario: you are a normal user in your company’s domain. No admin privileges. Nothing. You can’t even install a program on your machine. What if I told you that you can be the local administrator on your machine and probably on several more in your organization? I am not able to count the number of things you are able to ...

Logging Settings and Procedures
By: Tamas Szucs
March 30, 2017

Logging procedures. Necessary information: the list indicates the IT infrastructure events for which logging is necessary, if interpreted in the given system. 1. Successful and unsuccessful access attempts 2. Creating and deleting users 3. User permission changes 4. Creating, deleting, and changing roles 5. Software startup, shutdown 6. Changes in the ...

Optimization Tips and Tricks
By: cosimof
March 29, 2017

Hello, everyone. Lately, I have been working on a C project that happened to be dealing with a few tips regarding the optimization. I found some information surfing the net, so I studied the GCC documentation and several articles about the programming language and decided to share the tricks with you. I will try to be as clear as possible to avoid misunderstandings. To ...

Introduction to the IPtables Command
By: lscianni
March 29, 2017

What is IPtables? Iptables is a firewall that is usually built into Linux. Technically, IPtables is the interface for the kernel module Netfilter. In other words, IPtables resides in userspace and allows the user to enter firewall rules, and Netfilter is the kernel module that does the actual filtering. Before we get into actually setting up our firewall rules let's ...

Closing the Cyber Security Skills Gap
By: Olivia
March 28, 2017

Any search of the term ‘Cyber Security Skills Gap’ will return a laundry list of frightening facts about how far behind the industry is in terms of finding and hiring the needed professionals. Those with the desired skills will be able to command high salaries, among other benefits. But for managers seeking the dime-a-dozen talent, it’s a near impossible ...