0P3N Blog

There's lot of buzz around machine learning. The days aren't far when the machine learned data will be like other commoditized security products such as Antivirus, firewalls, etc. What we largely see in today’s landscape allows enterprises to collaborate with various environments through grid computing and on-demand/on-the-fly platforms. While we're enhancing the business productivity, this is simultaneously ...

Why would we need custom payloads? Likely in situations where we launched Metasploit, but no session is created or it seems like the Antivirus software got popped. Being a penetration tester , you have to overcome. It always seems like antivirus software is a hurdle. The best possible way to avoid antivirus software is to use custom payloads.Create your ...

According to the pentest-standard.org website, "The purpose of the Post-Exploitation phase is to determine the value of the machine compromised and to maintain control of the machine for later use. The value of the machine is determined by the sensitivity of the data stored on it and the machines usefulness in further compromising the network. The methods ...

Applying The NIST Risk Management Framework There are a number of approaches to managing risk. I chose to focus on this approach because it's free to use and the supporting documentation is readily available. Managing risk is a complex process and requires the input from the whole organization. There are three tiers associated with the respective portions of ...

Welcome back Cybrarians, In the hacking world, being stealthy and undetectable is the number one priority after anonymity. Creating custom attacks that seem very real is an art that needs creativity and patience. Fooling the user into the hacker’s trap is not easy as the old days.Therefore, new ways are created to cover all ...

Angler Manages to Infect more than One Million Workstations a Year "There is a common misconception that a user explicitly needs to download a malicious file in order to get his PC infected. Exploit kits use a technique called drive-by-downloads. With this technique, malicious software can be ran just by opening a website in your ...

Here's something that I learned from my CISCO class that makes things a lot easier.You're given an IP range of 192.168.0.0 and must create a domain that has five subnets - pockets of devices on the network that are separate from each other so that no one can interfere with another departments data or devices. You know ...

Assets are categorized as information, systems, devices, facilities and personnel. Any entity, whether it's an individual, a group of individuals or a corporation wants to protect these assets from failures, accidents and bad actors by using Identity and Access Management (IAM). In any given IAM situation, there's the concept of subject and object. The subject ...

Hello my great geeks on Cybrary. Before anything else, I'd like to thank all of you for the feedback you guys have given. This keeps me motivated and helps me write better content every day.This article about TOR is the last article in my series on different security technologies like Proxies and VPN's. If you want to check my previous ...

In this guide, I'll walk you through setting up a pentesting USB drive that also works well for other IT professionals.Fortunately, the days of carrying around a CD binder full of your various tools are long gone. With the lower prices of USB drives and their increased capacity, you can easily keep a large number of tools ...