0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Cracking CEH - The Comprehensive Guide in a Nutshell
By: GodSpeed
September 8, 2016

EC- Council’s Certified Ethical Hacker , currently version 9, is one of the most in demand certificate out there. People mostly have a varying viewpoint on how good is CEH and if anyone should do it at all.  But in any case it does not change the fact that the certification is valued around the world and is ...

Active Directory Security Checks
By: manishp
September 7, 2016

Active Directory Security Checks So Again a recreation of work with little modification from recent blackhat event by Sean Metcalf (@Pyrotek3) which talks in detail about the AD Security checks to be performed to increase the security level of the complete setup. i just collaborated all the points to one place to make it ...

Frequently Used Acronyms, Expanded!
By: 3rgis
September 7, 2016

Hello Cybrary.it! This is my first time writing here, so if I make any mistakes, correct me in the comments. Some of these acronyms aren't used daily, but they're still good to know. CCTV / CLOSED CIRCUIT TELEVISION CPU / CENTRAL PROCESSING UNIT DDoS / DISTRIBUTED DENIAL OF SERVICE ...

A Beginner's Guide to Juliar Module Creation in Python - Part 1
By: Rattar
September 6, 2016

Juliar Alpha 10 has just been released and there is a huge update that came with it.Juliar now allows import of modules created using python. That's right, you can now easilycreate your own modules in python and easily use them in Juliar .(This tutorial assumes you know how to run and execute Juliar commands. If you ...

SQL Injection Lab Part 1 – Lab Setup
By: bjacharya
September 6, 2016

Hello Cybrarians ! ! ! Welcome to:  SQL injection lab PT.1 – Intro/Lab setup In this lab, We’ll begin the series of  SQL Injection . This will be  Part-Wise Article/Guide  to learn SQL Injection . *Skill/Experience : Before proceeding to this series, you must know basics on setting up VM ...

Part 2: Creating Modules for Juliar in Python
By: Rattar
September 3, 2016

clearThis tutorial is continuation of Part 1: Creating Juliar Modules in Python.If you have no idea what's going on check out the previous part. https://www.cybrary.it/0p3n/part-1-creating-juliar-modules-python/ Pre-requisites: You must have read first part of tutorial You must have PythonDevKit downloaded You must be able to work your brain ...

Tutorial: Local File Inclusion to Command Execution
By: Chilico
September 2, 2016

Some information from this article has been used from the InfoSec Institute As you probably know , LFI attack's allow the attackers to view local files on a server but is not limited to that. With LFI we can also get a shell (sometimes) . There is several ways to manage that and here i will focused on ...

Simulating A Real Lab Environment for Pen Testing (Part 1)
By: jahankohan
September 1, 2016

Hi Guys,Today I'm going to show you how to build a real lab for pen testing.As all of you know, pen testing in the real world is not just dealing with 2 vms, one for an attacker and the other for the victim. In the real world, we should deal with a network, and in standard networks there are ...

The Guessability of Passwords
By: maggiee
September 1, 2016

Recently, over a family dinner, my aunt asked me how she could choose passwords that are secure. I responded with the usual advice: no words, especially not names; use a long passphrase, length really does matter; and so on. Until yesterday, though, I was unfamiliar with a formal metric for password “guessability”. In the course of ...

How to Test and Exploit SQL Injections in URL Rewrite Rules
By: Babak Esmaeili
August 31, 2016

First of all, what is URL rewrite?You've likely seen sites with this schema in URLs: https://victim.com/?id=1 Most everyone knows how to test for SQL injection in this situation ---> http://mysite.com/?id=1' or http://mysite.com/?id=1 and 2.5=2.5 or http://mysite.com/?id=1 and 3.4=3.5 and etc.But, in URL rewrites, this UR http://victim.com/?id=1 will become http://victim.com/1 ,{id ...