0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Collection of Penetesting Lab Notes, 0P3N Posts, Courses and More
By: ginasilvertree
August 3, 2016

“Penetration Testing or Pentesting refers to techniques for actively testing an organization’s computer or network security, usually by identifying potential vulnerabilities and weak spots and trying to exploit those and/or break in.”Below, you'll find information about penetration testing, pentesting labs and tutorials. The information was compiled from Cybrary's 0P3N posts, classes, forums, notes, S3SSI0NS and CH4NN3LS content.  0P3N Posts: ...

Using Wireless Evil Twin and BeEF to Compromise Target Machines
By: entropy1337
August 2, 2016

Hello all, I'm the author of  Infernal Wireless Suite. T oday, I'd like to teach you how to perform an Evil Twin attack, along with utilizing the BeEF Framework to ...

Medical Devices Remain Vulnerable to Cyber Attacks
By: virgaonkara
August 2, 2016

When we talk about vulnerability, usually computing devices come to mind. Now, the scenario of threat is changing. Even the medical industry can be a new target of attackers. Wide use of medical instruments which are directly connected to the internet can work as a free path for attackers. These kind of attempts can cause serious damage to ...

How to Exploit a Poorly Configured SMB
By: Kl4us
August 1, 2016

What's an SMB? SMB, which stands for Server Message Block, is a protocol for sharing files, printers, serial ports and communications abstractions such as named pipes and mail slots between computers. SMB is a client-server, request-response protocol. The only exception to the request-response nature of SMB (that is, where the client makes requests and the server sends back ...

What You Should Know about MAC and IP Addresses
By: nishan8583
August 1, 2016

MAC and IP addresses are two important topics that a person involved in the Computer Networking   and Computer Security fields should know about.These topics are discussed below.  1.MAC Address A MAC address is a address that is burned into the hardware itself during the manufacturing period and it cannot be changed. MAC addresses are 48 ...

How To Read Email Headers and Find Internet Hosts
By: S-Connect
July 31, 2016

Now, some of you may think headers are too simple or boring to waste time on. However, a few weeks ago I asked the 3000+ readers of the Happy Hacker list if anyone could tell me exactly what email tricks I was playing in the process of mailing out the Digests. But, not one person replied with a complete ...

CyDefe podcast update.
By: CyDefe
July 30, 2016

Hey hey everyone,It's been a little while since we've last posted but we figured we should pop on here and give everyone an update on our podcast.Since we've last posted we've had a few awesome episodes come out.Minicast: 1 https://www.cydefe.com/podcast/2016/5/20/minicast-episode-1On this episode we discuss the linked in breach and its impact on users. We advise everyone to change any passwords they ...

What You Should Know About Cryptography
By: mrNayaNi
July 29, 2016

INTRODUCTION: Hello all, this article is about Cryptography.We're going to talk about: What is Cryptography Goals of Cryptography What is Encryption What is Decryption Asymmetric Encryption Symmetric Encryption ...

Part 2: Bypass a Web Application Firewall (WAF)
By: S-Connect
July 29, 2016

Function Capitalization Technique:- For those WAF's, which filter only lowercase, we can easily bypass: Query! https://lxy.com/cost.php?id=90 UNION SELECT 1,2,3— Bypass! http://lxy.com/cost.php?id=-90 uniOn SeLeCt 1,2,3—  Replaced Keywords Technique:- For those WAF's, which escape certain keywords such as UNION, SELECT, ORDER BY, and so on: Query! http://abcxyz.com/itemdetail.php?id=-57 UNION SELECT 1,2— Bypass! http://abcxyz.com/itemdetail.php?id=-57 UNIunionON SEselectLECT 1,2—Sqlihttp://xyz.com/pricing.php?id=32 union all select 1,2,3—-By passed Sqlihttp://xyz.com/pricing.php?id=32 /!UNION/ +/!ALL/+/!SELECT/+1,2,3—-  Stay ...

Prashant's Algorithm for Password Management
By: Prashant Kumar Dey
July 28, 2016

Prashant's Algorithm for Password Management Introduction We've seen many forms of Social Engineering Attacks (SEA). The main aim of these SEA are to exploit the human vulnerability. The biggest vulnerability in Cyber Security is the human. Consider the following: There's significant increase in websites and, without ...