0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

[podcast] "Moxie vs Mechanisms": The Over-Dependence on Tools and Automation
By: BrBr
February 11, 2016

This week starts with an apology to Michael Gough about comments I (Bryan) mangled on the "Anti-Virus... What is it good for?" podcast. Then we get into the meat of our topic... a person's "Moxie" vs. a mechanism. Moxie: noun, "force of character, determination, or nerve." Automation is a great thing. It allows us to do a lot more work with less personnel, ...

Same-Site Scripting: The Lesser-Known Vulnerability
By: vinothpkumar
February 9, 2016

Hi Readers, It's quite possible that a sub-domain has a "loop back" address, i.e. 127.0.0.1. Many security researchers and developers may not be aware of this lesser-known vulnerability. Imagine a scenario where a user has to access "subdomain.example.com". If the sub-domain is configured with address 127.0.0.1 and, if the user is already running a service on their localhost (e.g. Xamp/Wamp ...

The Complete Alphabetical List of Kali Linux Commands
By: Harold Finch
February 9, 2016

The Complete Alphabetical List of Kali Linux Commands. A: apropos: Search Help manual pages (man -k); apt-get: Search for and install software packages (Debian); aptitude: Search for and install ...

Basic Hacking with Firefox (Part 2): Data Intercepting
By: Hacker542
February 9, 2016

In Part 1, we saw how to view and collect different information about websites using HttpFox, User-Agent Switcher, RefControl. In this session, we'll learn how to use this information to exploit and perform a simple hack of a website. The basic aim is to intercept the data to hack the websites using different tools and extensions of the ...

Social Engineering Targets People Rather than Computer Systems
By: ruparaj
February 9, 2016

Today, social engineering attacks can happen through electronic means such as email, websites etc. and in person (the old-fashioned way). In-Person Approaches: In-person social engineering attacks could include an attacker impersonating co-workers, police, financial authorities, insurance investigators etc. The social engineer might ask the target for important information, like passwords. "The finance manager asked ...

A Quick Breakdown of the OSI Model Layers and Services
By: Wings
February 9, 2016

Open System Interconnection (OSI) is a protocol and set of rules for communication. In order to get data over the network - such as an email from your computer to some computer at the other end of the world - lots of different hardware and software needs to work together. All these pieces of hardware and the different software programs speak ...

Intro to Win64 Assembly and Process Dumping
By: current_user
February 4, 2016

Recently I've checked out the "Intro to Malware Analysis and Reverse Engineering" course by Sean Pierce. Inspired by his contribution and taking a rest from my current activities, I also decided to share something with you. What I noticed is that Sean references rather outdated tools in his videos. Windows XP? Really? Well, it's a pretty good debugger, I can't ...

Windows 8/8.1 Password Reset with a Windows 8/8.1 DVD and CMD
By: Pieter J.
February 4, 2016

Today I'd like to share what I have learned in a sticky situation. I was busy with a customer's laptop and it turned off due to a low battery. When I turned it back on after connecting the charger, I discovered the laptop had a password, which I forgot to ask the customer for. So, following ...

[podcast] Dropbox Chief of Trust and Security Patrick Heim!
By: BrBr
February 1, 2016

Brakeing Down #Security had the pleasure of having Patrick Heim join us to discuss a number of topics. What stops many traditional #companies from moving into #cloud based operations? What hurdles do they face, and what are some pitfalls that can hamper a successful #migration? We touched briefly on #BYOD ...

Encrypting the Net: Use "Let’s Encrypt" SSL to Set Up Secure Website Traffic
By: Krintoxi
February 1, 2016

Hello, This guide comes out of inspiration from the Course offered here not too long ago: SSL Traffic: The Cyber Criminal’s Best Friend Instructed By Darrin Coulson. I'll start with a bit of basic background knowledge you should have on what SSL (Secure Sockets Layer) Encryption is, and how it benefits us. SSL (Secure Sockets Layer) is ...