0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

InfectPE - Inject Custom Code into PE File
By: Jimakoch
April 29, 2017

Using this tool you can inject x-code/shellcode into PE file. InjectPE works only with 32-bit executable files. Why you need InjectPE? You can test your security products. Use in a phishing campaign. Learn how PE injection works. ...and so on. ...

Fake Image Exploiter Framework -The "Noob" Friendly Function
By: spiritedwolf
April 29, 2017

Hello everyone,I'm SpiritedWolf as you all [may] know and I am uploading something after a long while because I was busy with this thing called "life" :)Anyway, here is my video tutorial: Today we are going to discuss one more awesome framework from the SSA team, i.e FakeImageExploiter.----------------------------------------CodeName: MetamorphosisVersion release: v1.3 (Stable)Author: Pedro ubuntu [ r00t-3xp10it ]Distros Supported: Linux Ubuntu, ...

UNM4SK3D: FCC, Air Force and Hajime
By: Olivia
April 28, 2017

#netneutrality We've quoted Eminem before, and we'll quote him again. 'The FCC won't let me be.' And this time we mean it. Now, after recent changes to privacy rules, FCC chairman Ajit Pai has announced the first move in efforts to kill off Net Neutrality. Before we get too ahead ...

Bruteforce Login-page Using Hydra and Python Script (DVWA)
By: an0th3rhuman
April 28, 2017

What is DVWA? Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a ...

Creating a post with Juliar
By: Rattar
April 27, 2017

Hello Cybrarians,Today we will be creating a program that stores name into a variable and prints it out!We will be using the new built-in editor for Juliar! You can download the latest version of Juliar from here:  https://juliar.org/downloads.php  First, you want to double-click the jar file to run. An editor should then pop up!Go to File -> NewThis will ...

The "Hell" of an Unsolicited Phone Call
By: njbaker7
April 27, 2017

Just knowing that the notion of a simple three letter word could wreak havoc in my life is scary beyond anything imaginable. I am speaking of a simple “Yes”. Getting a call from an unsolicited number has me screening my calls more than ever before. My thought now is, if it is that important the caller ...

Breaking into the Cybersecurity Field
By: Derek Carlin
April 27, 2017

“I want to get into Cybersecurity, where do I start?” With an estimated One Million job openings in Cybersecurity in 2017 and a shortage of talent, it is easy to see why so many people are drawn to the field. I myself made the switch from traditional IT to the Cybersecurity field within the last year, and when ...

I am "NOT" a Robot ... Using Juliar
By: Rattar
April 26, 2017

Hello Cybrarians and RatTeam-sters,Recently, I've been experimenting with Juliar Hallucinogen module for Juliar to break Google's I am not a robot CAPTCHA.  Juliar HTTP API was used for this experiment.For this experiment, I created a simple registration page with google's captcha. When you click on Google's captcha I am not a robot...there is a chance that you will ...

PowerShell Obfuskation Techniques & How to Detect Them
By: Jinx
April 26, 2017

Introduction: Invoke-Obfuscation is a code obfuscating Framework built on PowerShell by Daniel Bohannon.Attackers are using more and more powerful techniques to obfuscate their scripts and codes. PowerShell script is one such particular way of attack which is very dangerous if used due to few reasons Most of the internet population is on Windows. ...

SQL Injections – Part 1
By: Hari Charan
April 25, 2017

Though there are many vulnerabilities,  SQL injection (SQLi)  has its own significance. This is the most prevalent and most dangerous of web application vulnerabilities. Having this SQLi vulnerability in the application, an attacker may cause severe damage such as bypassing logins, retrieving sensitive information, modifying, and deleting data. Sometimes this costs life when it comes to ...