0P3N Blog

Cybrary’s Open Blog is a user-contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Pentester's Guide - War Dialing & Port Scanning
By: Rattar
December 16, 2016

When you hear "attack on a computer", what do you think? You probably think it's some guy sitting behind a computer, using the internet to conduct attacks. What people do not realize is that even if a computer is not connected to the internet, it's still vulnerable to an attack through the magic of war dialers. What are war dialers? ...

UNM4SK3D: Europol, the FCC, and China
By: Olivia
December 16, 2016

#cybercriminals Small victory dance from around the world - an international operation uncovered teens connected to DDoS cyber attacks. Who says Generation Z is lazy?! Of the 101 watch-listed and 34 arrested suspects, the majority were under the age of 20. The teens are a part of the illegal 'DDoS for Hire' facilities ...

Sniffing Your Way through Snort NIDS
By: rcubed
December 15, 2016

Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are currently hot topics in the cyber security space and for good reason. Threats and exploits aren’t slowing down and the pressure is ramping up on organizations to do a better job in securing their IT infrastructure. This is a good thing. Too many organizations have been asleep at the ...

Practical Web Application Penetration Testing Series - Chapter 4
By: Babak Esmaeili
December 15, 2016

Scanning Web Applications for URL Rewrite Injection with Burpsuite. Hello Cybrarians, As I was very busy last month, I couldn’t write this last chapter until now. In this chapter (chapter 4) I will show you how to test a website for URL rewrite injections with BurpSuite. Then in the next chapter, (chapter ...

Understanding Variable Labels/Values in BASH: The "Newbie" Guide
By: dedeij
December 15, 2016

(Note: This article assumes you know what a terminal is, and are familiar with some basic CLI commands.) Hello Everyone, In this topic, I am going to distinguish between Variable labels and Variable Values. This is a very basic fundamental concept. However, thinking back to my first BASH scripting class, many of my fellow students had trouble understanding the ...

[podcast] Amanda Berlin, the art of the sale, and Malware droppers
By: BrBr
December 15, 2016

"Always Be Closing" is the mantra that Alec Baldwin's character "Blake" intones in the movie "#GlenGarry #Glen #Ross". Ironically, the film about 4 men selling was a failure in the theaters. A lot of times as #blue #teamers, we find ourselves in the sights of a #sales person, or often enough, we are inviting them into our conference rooms to find out how ...

Human Hacking: Social Engineering 101
By: Zoran L.
December 14, 2016

Typically, people are the weakest link in a security chain lifecycle; therefore, they – not technology – become the priority of a hacker. In most high-profile data breaches, hackers used some form of social engineering. Companies may spend millions of dollars to protect their data with ...

Here’s How to Get Hired: 7 Resume Must Do’s for the IT Professional
By: Olivia
December 14, 2016

Once upon a time, I worked as a recruiter for a telecommunications company. And I believe that while your interview skills are incredibly important, one’s resume is truly the ‘key to the kingdom’ of sorts. After all, if you can’t get through the door at a company, then your interview skills are essentially useless. Trust me when I say having looked ...

Linux Smackdown: Which Distro Reigns Supreme for Pentesting?
By: rcubed
December 13, 2016

There are some things in life that were simply meant for each other: peanut butter and jelly, snow and Christmas, and Friday night and pizza. In the case of pizza, it goes well with pretty much anything, especially cold beer. When it comes to the art of pentesting, the first ingredient is a target loaded with vulnerabilities. ...

CEH vs. OSCP: A Modern Analysis for the Career-minded Professional
By: jrinehard
December 13, 2016

Rising to the surface in a sea of cybersecurity hiring candidates demands more than mere skill. Employers demand stronger assurances, and the best guarantees of employee talent come in the form of certifications. Choosing between obtaining Certified Ethical Hacker and Offensive Security Certified Professional credentials may seem difficult to the uninitiated. Here's some vital clarification on which ...