0P3N Blog

Cybrary’s Open Blog is a user contributed cyber security knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Leveraging CompTIA’s list of Security+ Exam Objectives ( https://certification.comptia.org/docs/default-source/exam-objectives/comptia-security-sy0-401.pdf ), I'll go through each element and provide examples. This article covers the first domain, Network Security (1.0), with its first sub-heading (1.1). The examples are not in any particular order, preference, or recommendation. They’re just quick and ...
Sicherheitssysteme und Applikationen: All-in-one Security Appliance – Modulares System, mit verschiedenen Sicherheitslösungen:1. IPS - intrusion protection system, schützt vor großformatige Angriffe2. IDS - intrusion detection system, identifiziert Angriffe durch AngriffsmusterHost-basiert: auf jedem Rechner installiertNetzwerk-basiert: Ein Sensor überwacht das gesamte NetzHybrid: Mischung aus Host-basiert und Netzbasiert3. Web filtering (Content Filter) – Filterung bestimmter Inhalte ...
Skills:                 Verstehen wie Computer arbeiten, sicherer Umgang mit verschiedenen OS,   Hardwarevorausetzungen der OS kennen, Kommunikation mit anderen Sicherheitsspezialisten Klassifikationen:                 Black Hat Hackers: kriminelle, auf persönlichen Profit ausGrey Hat Hackers:  Mischung  aus Black und White HatWhite Hat Hacker (Ethical Hacker): Beschützen mit ihren Computer skills            InformationssystemeSecurity Providing Organizations:  Organisation die Sicherheit für andere übernehmenStufen:Script kiddies: ...

PowerShell Exploit Using SEToolkit

By: ^Graff
July 10, 2015
PowerShell Exploit Using SEToolkit In this tutorial, I'm going to show you how you can compromise any Windows computer that has PowerShell installed on it. The scope of this tutorial is to: Show you how to open a Meterpreter session on a victim's computer. Help ...

5 Elements to Explore in Metasploit Basics

By: Multi Thinker
July 9, 2015
Hi once again,In this security article, I'll define the framework of Metasploit .We'll cover following topics (there are many more of them and we'll cover them in my next article): What is Metasploit? What Can We Do with It? Understanding Metasploit CLI Commands and Exploit Attacks ...

An In-Depth Look at Ransomware

By: Johnny Confidence
July 9, 2015
What is Ransomware? Ransomware is a generic term for a family of malware, which, once active on your systems, searches for documents and pictures then encrypts them. Once encrypted the malware leaves a note with instructions on how to pay the attacker to receive a key allowing decryption of your files. ...

Don't Be the Victim of Cyber Fraud

By: DocGreenBanner
July 9, 2015
As a volunteer with a cyber crime-non profit, I've recently worked a case involving fraud.I'd like to share the following techniques to avoid fraud from electronic media, such as social media and email. And, the same information can also apply to in-person, phone or mail solicitations. First of all, if it sounds too good to be true, it very likely ...
Great news! Our End User Security Awareness training course, is now available from Cybrary. No matter how well trained the cyber security staff is within your organization, the greatest vulnerability remains just that, a huge vulnerability, if it remains unmitigated. It is widely known that the primary cause of data breaches within organizations comes ...

Xpath Injection (Final)

By: Multi Thinker
July 8, 2015
Testing and confirming Xpathi Testing for Xpath and confirming are the most important parts. Most of us, and specially the readers of securityidiots, see SQLi everywhere and anywhere they find an error - even if the error is a Conversional Error, Internal Error or Programming Error. Sometimes, people assume that getting blocked by WAF upon ...

XPath Injection (Part 2)

By: Multi Thinker
July 8, 2015
The XML Example Document We'll use the following XML document in the examples below. <?xml version="1.0" encoding="UTF-8"?><bookstore><book> <title lang="eng">Harry Potter</title> <price>76.99</price></book><book> <title lang="eng">Learning XML</title> <price>22.95</price></book><book> <title lang="eng">Learning XPATH</title> <price>30.20</price></book><book> <title lang="eng">Learning Secrets of Injections</title> <price>50.99</price></book><book> <title lang="eng">Learning Programming</title> <price>53.45</price></book></bookstore>   Selecting NodesXPath uses path expressions ...