0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Part 2: Bypass a Web Application Firewall (WAF)
By: S-Connect
July 29, 2016

Function Capitalization Technique:- For those WAF's, which filter only lowercase, we can easily bypass: Query! https://lxy.com/cost.php?id=90 UNION SELECT 1,2,3— Bypass! http://lxy.com/cost.php?id=-90 uniOn SeLeCt 1,2,3—  Replaced Keywords Technique:- For those WAF's, which escape certain keywords such as UNION, SELECT, ORDER BY, and so on: Query! http://abcxyz.com/itemdetail.php?id=-57 UNION SELECT 1,2— Bypass! http://abcxyz.com/itemdetail.php?id=-57 UNIunionON SEselectLECT 1,2—Sqlihttp://xyz.com/pricing.php?id=32 union all select 1,2,3—-By passed Sqlihttp://xyz.com/pricing.php?id=32 /!UNION/ +/!ALL/+/!SELECT/+1,2,3—-  Stay ...

Prashant's Algorithm for Password Management
By: Prashant Kumar Dey
July 28, 2016

Prashant's Algorithm for Password Management Introduction We've seen many forms of Social Engineering Attacks (SEA). The main aim of these SEA are to exploit the human vulnerability. The biggest vulnerability in Cyber Security is the human. Consider the following: There's significant increase in websites and, without ...

Python Programming For Hackers (Part 5) - Cracking Zipped Passwords
By: bjacharya
July 28, 2016

Welcome to next part, Python Programming For Hackers (Part 5) - Cracking Zipped Passwords   > Before starting, you must be familiar with .RAR and .ZIP > This process quickly tries for different passwords. If it misses, then it moves to the next one. If the password matches, then the zip file is easily extracted.   ...

A Comprehensive Guide to TCP/IP
By: RAJESHKUMAR
July 27, 2016

This is a comprehensive guide to TCP/IP. I'll try to keep it as concise as possible. It may to be too simple for some of you.If you need all the TCP/IP details, go to your local bookstore and buy on of these books with 1000+ pages on TCP/IP. We'll gloss over the history of TCP/IP and the Internet, unless ...

[podcast] Cheryl Biswas discusses TiaraCon, Women in Infosec, and SCADA vendor headaches
By: BrBr
July 27, 2016

[embed]https://traffic.libsyn.com/brakeingsecurity/2016-028-CherylBiswasTiaraconICSSCADAheadaches.mp3[/embed] Long time listeners will remember Ms. Cheryl#Biswas as one of the triumvirate we had on to discuss #mainframes and mainframe #security. ( http://traffic.libsyn.com/brakeingsecurity/2016-008-mainframe_secruity.mp3) I was interested in the goings on at BlackHat/DefCon/BsidesLV, and heard about#TiaraCon (@tiarac0n on Twitter). I went to find someone involved to understand what it was all about, and Ms. Cheryl reached out. She's an #organizer and ...

[podcast] Steps when scheduling a pentest, and the questions you forgot to ask... with Jarrod Frates
By: BrBr
July 27, 2016

[embed]https://traffic.libsyn.com/brakeingsecurity/2016-029-JarrodFrates-Whattodobeforeapentest_starts.mp3[/embed]Jarrod Frates (@jarrodfrates on Twitter) has been doing pentests as a red-team member for a long time. His recent position at#InGuardians sees him engaging many companies who have realized that a typical 'pentest #puppymill' or pentest from certain companies just isn't good enough.Jarrod has also gone on more than a few engagements where he has found the client in question ...

So, You Want to Become a Hacker?
By: Archergilly
July 27, 2016

You see a lot of articles that explain, to become a Hacker, you need to know a lot of programming languages, which is something something not everybody can do. This approach has some truth, but at the same time, is closed minded.Hacking, in simplest terms, is making an asset behave in a way it was not originally designed to ...

[Product Update] Introducing Cybrary Teams
By: TREVORH
July 27, 2016

Cybrary has been working hard to release our newest platform for individuals, allowing them to learn and develop their cyber security skills on Cybrary together. Drum-roll, please... Introducing Cybrary Teams! With Cybrary eclipsing the 500,000 Registered Users mark, we sought to find a way to bring people closer together to learn, share, and grow beyond what's currently available ...

Why is “C” the Default Drive on Your Computer (Instead of A or B)?
By: doctorX
July 26, 2016

Have you ever wondered why the names of hard drives start from “C”? Where have the A and B drives gone? Here's the answer: Hard disk drives have been standard since 1980 Before hard disk drives, Floppy disk drives were used as data storage devices ...

Free Firewalls for Small and Medium Networks
By: ADIL BOUZIANI
July 26, 2016

Today, I'll share personal experience about the most important free firewalls that can be used in small and medium-sized networks. Most of these firewalls work in the Linux environment, including FreeBSD, or OpenBSD, which work with different techniques such as (Packet Filter), (IPFilter), (IPFirewall), and iptables.We'll talk about the firewalls that are fast and good for small networks working ...