0P3N Blog

Hey guys,In order to follow this tutorial, you must have Juliar installed with a web server.Run Juliar as a webserver, create index.ju file in webfiles and add the following to index.ju: get query/test This will basically access the object query that is automatically populated if run as a web server.We will be populating using GET request, so we can ...

Let me start by asking you a question. What is your education worth to you?If your immediate thought was, well, not too much, then let me ask you another question. Would you be willing to spend about 40 minutes to learn a whole heck of a lot and get the certification to back what you just learned?Maybe you’d rather spend ...

https://traffic.libsyn.com/brakeingsecurity/2016-041-Ben_johnson.mp3  Ben Johnson from Carbon Black has been around the industry for a good while, and has seen a lot of ugly things in our industry.Ben had written a recent blog post ( https://www.carbonblack.com/2016/08/12/benvlog-3-negative-forces-driving-security/) detailing the issues that seem to plague many companies and many people in the infosec community.We talked about these issues in depth, and how companies and ...

[embed]https://traffic.libsyn.com/brakeingsecurity/2016-045-aamirlakhani-thedarkweb-creatingreputation.mp3[/embed] Mr. Boettcher and I met Mr. Aamir#Lakhani at DerbyCon this year, and immediately intrigued with his work on the Dark Web.He has assisted with law enforcement investigations, a known member of the dark web, to the point where people with#malware or bots will seek him out in an effort to 'legitimize' their work, similar to how being reported on by ...

Introduction Vulnerability assessment is one of the steps of penetration testing. It can be described as the procedure where the penetration tester scans the system for vulnerabilities in order to gain access to the system. A vulnerability can be a weakness point, a failure even a miss-configured file that a pentester ...

The International Information Systems Security Certification Consortium creates the certifications most known in the hacking world. More details can be found at https://www.isc2.org/uploadedFiles/(ISC)2PublicContent/(ISC)2-Company-Overview.pdf In particular, they develop the CISSP (for Leadership & Operations), CSSLP (Software Security), CCFP (Cyber Forensics), and many more.In order to receive certification from (ISC)², you must agree to their code of ethics. ...

Each holiday shopping season has a must-have gift item. Holidays past had their Cabbage Patch Kids, Mighty Morphin Power Rangers, and Legos as perennial favorites. Holiday 2016 is shaping up to have several contenders, but no clear favorite has yet emerged. At least Pokemon characters are in the mix coming off the summer craze the Pokemon Go ...

As security professionals, many of us try to teach a few simple lessons to help system administrators become more security-conscious. In this article I’ll talk about how obscurity can aid security - -hopefully, I can clear up some misconceptions. Obscurity: What Do We Really Mean?         First, what does the security professional ...

 Tor is a widely popular connection-oriented anonymizing communication service used by journalists, activists groups, security investigators, among others. This article explains how to boost the Tor privacy using it as an Isolating Proxy .An Isolating Proxy is one of the safest Tor setups. It prevents leaks present in other scenarios ...

As a result of Juliar's  latest update, you can now send raw emails via rawemail command that sends an email to a user using SMTP protocol. (Download the latest Juliar at  https://www.juliar.org ) What is a raw email? In a raw email, you have to write everything to send to the server.Here is the command: *rawemailFrom: "Ben" <ben@example.com>To: J <j@example.com>Cc: ...