0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Python Programming For Hackers (Part 6) - Creating SSH Botnet
By: bjacharya
August 16, 2016

And again, Hello Cybrarians ! Python Programming For Hackers (Part 6) - Creating SSH Botnet In this part, I'll talk some theory on Botnet and then we'll see a basic SSH Botnet (including Python scripts and coding). > Before going to SSH Botnet, let's see the definition of Bot/Botnet first. Bot   Actually, ...

Hashing Using the OpenSSL Toolkit
By: junkwerks
August 15, 2016

In part 1 of this series discussing hashing, we explored how to run hashing commands from the command-line in Linux, OSX, and Windows 10. Part 2 took a more global overview of hashing and its uses. In this, part 3, we'll look at one more way to produce a hash via the command-line in most variations of opensource *nix ...

Understanding ISO 27001 - An Information Security Standard
By: saki76
August 15, 2016

Over the last few months, I have been reading about various IT and InfoSec frameworks such as COBIT , NIST CyberSecurity framework and ISO 27001 as well as CIS Critical Security Controls to find a suitable framework to implement in my organization. ISO 27001 is one of ...

Custom Python Script: Webscraping with Mechanize and Beautifulsoup
By: prometheus
August 12, 2016

Hello, fellow Cybrarians!I'm back with another post. With this script, we're gonna mainly scrap websites without actually interacting with the browser!  Why web scraping? What's in it for me? Webscraping has an advantage when it comes to faster analysis of data or spidering a whole website for important links, which may interest you during your recon work or work ...

Creating Metasploit Payloads
By: adrianzxc
August 12, 2016

Often one of the most useful (and to the beginner, underrated) abilities of Metasploit is the msfpayload module. Multiple payloads can be created with this module and it helps to have something that can give you a shell in almost any situation. For each of these payloads, you can go into msfconsole and select exploit/multi/handler. Run ‘set payload’ for ...

A Quick Overview of Hashcat and oclHashcat
By: Tomislav Balabanov
August 11, 2016

Hashcat password cracker is now made with open source code. The tool let's you recover and crack passwords. It's now the most widely used password cracking tool in the world by professional penetration testers , due to its open source license. Together, Hashcat and oclHashcat are considered the most popular tools used all the time in IT security. They're based ...

Basic File Hashing - Part 2: A Quick Look at Hashing Applications
By: junkwerks
August 11, 2016

In my last article , we looked at manual file hashing from the command line in Linux, OSX and Windows 10. Now, we'll take a simple look at several applications for hashing.First, a note on the terminology of hashes. There are several names for the hash string returned by the cryptologic hashing function. When you hear or see ...

The Many Flavors of Denial of Service
By: V
August 11, 2016

(D)DoS attacks are one of the most disruptive attacks on the internet these days. It all began when some geek somewhere realized he could use a simple ping with its payload increased, or its ping rate set obscenely high in order to stress test and overload network equipment and servers. Disambiguation: DoS is an acronym for Denial of ...

What if the Sysprep Tool Fails?
By: speed10
August 10, 2016

Ever done something at work, then it backfires at you like it has a personal grudge with you?Sysprep can, at times, really mess up your jolly day should it 'decide' to backfire. I've seen a good number of IT Assistants run to format the PC simply because of the "Windows could not finish configuring the system. To attempt to ...

Understand the Cybersecurity Framework
By: Eric
August 10, 2016

Understand the Cybersecurity Framework Framework Overview The Cybersecurity Framework (CSF) is a risk-based approach to addressing information security risk.  The framework is composed of the following components: Framework Core The Framework Core involves actions that meet the requirements and guidelines to address cybersecurity concerns.  The core consists of the following elements: Functions Functions represent basic ...