0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

CyberPop - What Does 'Kill Chain' Mean?
By: ginasilvertree
June 24, 2016

CyberPop is a quick way to learn definitions, terms and facts about cyber security.  Today's Question: What does 'Kill Chain' mean? Kill Chain is a "military-inspired term encompassing the various stages of a cyber attack—reconnaissance, weaponization, delivery, exploitation, installation, command and control, and action. Applies mainly to malware attacks, and was popularized by Lockheed Martin." Never. Stop. Learning. >> Browse ...

CISCO ASA Firewall Commands Cheat Sheet [Part 7]
By: Motasem
June 24, 2016

Hello folks! Here we go with the 7th part of the CISCO ASA Firewall Commands Cheat Sheet. This part will briefly explain how to control your network traffic and prioritize some traffic over others, using QOS. Also, it will give you a simple way to integrate security service modules with ASA to form an Intrusion Prevention System.Let's begin... ...

Infosec 101 - SSH Tutorial
By: GodSpeed
June 23, 2016

The Infosec 101 series is geared towards relatively new members of the information security domain and will include some basic, yet important, concepts. This is the first post in the series.  SSH stands for secured shell. It works on TCP port 22 and is used for remote administration. It's an asymmetric cryptographic protocol and, hence, makes ...

Launch a Client-Side Attack Using Excel Files
By: Chilico
June 23, 2016

Hello Cybrarians, once again,In this article, we'll discuss client-side attacks with Excel files.Client-side attacks are always a fun topic for attackers today. As network administrators and software developers fortify the perimeter, pentesters need to find a way to make the victims open the doors for them to enter the network.Client-side attacks require user interaction, such as enticing victims to ...

Anonymize Yourself on a Network (Change Your MAC Address)
By: sheeraz ali
June 22, 2016

Welcome! Let's get started... Changing the MAC Address with the MAC Changer in Kali Linux As a Hacker, you should know that being anonymous is really important. In some great hacking books, they write that hiding yourself is the first step of hacking. Especially when you're attacking a network, you should know that your physical ...

Machine Learning is Imperative for the Detection and Mitigation of Cyber Threats
By: pankaj1251
June 22, 2016

There's lot of buzz around machine learning. The days aren't far when the machine learned data will be like other commoditized security products such as Antivirus, firewalls, etc. What we largely see in today’s landscape allows enterprises to collaborate with various environments through grid computing and on-demand/on-the-fly platforms. While we're enhancing the business productivity, this is simultaneously ...

Payload Customization with Metasploit
By: S-Connect
June 21, 2016

Why would we need custom payloads? Likely in situations where we launched Metasploit, but no session is created or it seems like the Antivirus software got popped. Being a penetration tester , you have to overcome. It always seems like antivirus software is a hurdle. The best possible way to avoid antivirus software is to use custom payloads.Create your ...

"Done for You" List of Exploit/Exploitation Videos
By: ginasilvertree
June 21, 2016

According to the pentest-standard.org website, "The purpose of the Post-Exploitation phase is to determine the value of the machine compromised and to maintain control of the machine for later use. The value of the machine is determined by the sensitivity of the data stored on it and the machines usefulness in further compromising the network. The methods ...

A Synopsis of the NIST Risk Management Framework
By: Eric
June 20, 2016

Applying The NIST Risk Management Framework There are a number of approaches to managing risk. I chose to focus on this approach because it's free to use and the supporting documentation is readily available. Managing risk is a complex process and requires the input from the whole organization. There are three tiers associated with the respective portions of ...

Windows Hacking 1: Injecting a Backdoor into a PE File
By: Z33MAX
June 20, 2016

Welcome back Cybrarians, In the hacking world, being stealthy and undetectable is the number one priority after anonymity. Creating custom attacks that seem very real is an art that needs creativity and patience. Fooling the user into the hacker’s trap is not easy as the old days.Therefore, new ways are created to cover all ...