0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Identity Secret: How to Become a Ghost Hacker with Proxychains
By: Z33MAX
August 16, 2016

Welcome Back, Cybrarians!!!! When it comes to hacking remotely, the number one priority that comes to a hacker’s mind is how to stay anonymous and operate under the radar in order to be safe. Anonymity is a big topic in the digital world that becomes complicated as technology advances. However, achieving a complete anonymity ...

Tradecraft Tuesday - Mobile Exploitation
By: kylehanslovan
August 16, 2016

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat . These unrehearsed conversations allow anyone to learn, ask questions, ...

Python Programming For Hackers (Part 6) - Creating SSH Botnet
By: bjacharya
August 16, 2016

And again, Hello Cybrarians ! Python Programming For Hackers (Part 6) - Creating SSH Botnet In this part, I'll talk some theory on Botnet and then we'll see a basic SSH Botnet (including Python scripts and coding). > Before going to SSH Botnet, let's see the definition of Bot/Botnet first. Bot   Actually, ...

Hashing Using the OpenSSL Toolkit
By: junkwerks
August 15, 2016

In part 1 of this series discussing hashing, we explored how to run hashing commands from the command-line in Linux, OSX, and Windows 10. Part 2 took a more global overview of hashing and its uses. In this, part 3, we'll look at one more way to produce a hash via the command-line in most variations of opensource *nix ...

Understanding ISO 27001 - An Information Security Standard
By: saki76
August 15, 2016

Over the last few months, I have been reading about various IT and InfoSec frameworks such as COBIT , NIST CyberSecurity framework and ISO 27001 as well as CIS Critical Security Controls to find a suitable framework to implement in my organization. ISO 27001 is one of ...

Custom Python Script: Webscraping with Mechanize and Beautifulsoup
By: prometheus
August 12, 2016

Hello, fellow Cybrarians!I'm back with another post. With this script, we're gonna mainly scrap websites without actually interacting with the browser!  Why web scraping? What's in it for me? Webscraping has an advantage when it comes to faster analysis of data or spidering a whole website for important links, which may interest you during your recon work or work ...

Creating Metasploit Payloads
By: adrianzxc
August 12, 2016

Often one of the most useful (and to the beginner, underrated) abilities of Metasploit is the msfpayload module. Multiple payloads can be created with this module and it helps to have something that can give you a shell in almost any situation. For each of these payloads, you can go into msfconsole and select exploit/multi/handler. Run ‘set payload’ for ...

A Quick Overview of Hashcat and oclHashcat
By: Tomislav Balabanov
August 11, 2016

Hashcat password cracker is now made with open source code. The tool let's you recover and crack passwords. It's now the most widely used password cracking tool in the world by professional penetration testers , due to its open source license. Together, Hashcat and oclHashcat are considered the most popular tools used all the time in IT security. They're based ...

Basic File Hashing - Part 2: A Quick Look at Hashing Applications
By: junkwerks
August 11, 2016

In my last article , we looked at manual file hashing from the command line in Linux, OSX and Windows 10. Now, we'll take a simple look at several applications for hashing.First, a note on the terminology of hashes. There are several names for the hash string returned by the cryptologic hashing function. When you hear or see ...

The Many Flavors of Denial of Service
By: V
August 11, 2016

(D)DoS attacks are one of the most disruptive attacks on the internet these days. It all began when some geek somewhere realized he could use a simple ping with its payload increased, or its ping rate set obscenely high in order to stress test and overload network equipment and servers. Disambiguation: DoS is an acronym for Denial of ...