0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Part 2: Creating Modules for Juliar in Python
By: Rattar
September 3, 2016

This tutorial is a continuation of Part 1: Creating Juliar Modules in Python. If you have no idea what's going on, check out the previous part: https://www.cybrary.it/0p3n/part-1-creating-juliar-modules-python/ Pre-requisites: You must have read the first part of the tutorial. You must have PythonDevKit downloaded. You must be able to work your brain ...

Tutorial: Local File Inclusion to Command Execution
By: Chilico
September 2, 2016

Some information from this article has been used from the InfoSec Institute. As you probably know, LFI attacks allow attackers to view local files on a server, but are not limited to that. With LFI we can also get a shell (sometimes). There are several ways to manage that, and here I will focus on ...

Simulating A Real Lab Environment for Pen Testing (Part 1)
By: jahankohan
September 1, 2016

Hi Guys, Today I'm going to show you how to build a real lab for pen testing. As all of you know, pen testing in the real world is not just dealing with 2 VMs, one for an attacker and the other for the victim. In the real world, we should deal with a network, and in standard networks there are ...

The Guessability of Passwords
By: maggiee
September 1, 2016

Recently, over a family dinner, my aunt asked me how she could choose passwords that are secure. I responded with the usual advice: no words, especially not names; use a long passphrase, length really does matter; and so on. Until yesterday, though, I was unfamiliar with a formal metric for password “guessability”. In the course of ...

How to Test and Exploit SQL Injections in URL Rewrite Rules
By: Babak Esmaeili
August 31, 2016

First of all, what is URL rewrite? You've likely seen sites with this schema in URLs: https://victim.com/?id=1 Most everyone knows how to test for SQL injection in this situation ---> http://mysite.com/?id=1' or http://mysite.com/?id=1 and 2.5=2.5 or http://mysite.com/?id=1 and 3.4=3.5 etc. But, in URL rewrites, this URL http://victim.com/?id=1 will become http://victim.com/1 ,{id ...

Part 1: Creating Juliar Modules in Python
By: Rattar
August 30, 2016

With the release of Juliar Alpha 10, you can now make modules for Juliar in any language! This means that you can use your favorite language to create modules. This tutorial assumes you know the basics of Juliar. If you don't, check out the following tutorials: https://www.cybrary.it/0p3n/programming-with-juliar/ https://www.cybrary.it/0p3n/programming-with-juliar-part-2/ https://www.cybrary.it/0p3n/using-juliars-encryption-module/ At the time ...

Remove Users from Your Network Using Airmon-ng
By: Tomislav Balabanov
August 30, 2016

Today, I'll demonstrate to you how you can remove someone from your network. This article is for educational purposes only. I will separate this tutorial into steps, so it's simple to understand. Let's start... STEP 1: Put our WiFi card in monitoring mode: Open terminal. Type: airmon-ng start wlan0 That's ...

The First Line of Defense to Consider
By: prabesh8583
August 29, 2016

We are all living in this computer era where data has been everything in our life. So this is the time where we cannot trust anyone. Anyone can plan and attack our system in order to steal our data. So we must be alert all the time. In order to be ready for these attacks, ...

OSI Model Refresher
By: foxpro
August 29, 2016

I have met so many people in the software industry that don’t understand the OSI model. It's only when you understand the OSI model, you can say that you now understand how the Internet works. There are many examples and explanations on this topic, but none of them paint a simple picture that you can memorize and recall ...

CyDefe Cyber Security Podcast Mini Episode 4
By: CyDefe
August 28, 2016

On this episode Micheal and I talk about CVE-2016-5696, better known as the off path attack. You can listen to our podcast on our website cydefe.com or via our YouTube channel below. If you enjoy our podcast please subscribe to our channel and follow us on Twitter. https://youtu.be/zJiu7yg9QpM Show Notes: in ...