0P3N Blog

Cybrary’s Open Blog is a user-contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

How to Cultivate an Info Sec Mindset
By: foxpro
May 13, 2016

Do you have an information security mindset? Consider these scenarios: Yesterday, I received a PDF form to fill out from a mortgage company that required me to provide my social security number and send the document as an email attachment. The other day, I downloaded an ISO file over an HTTP connection and ...

Is the Android World Secure?
By: Dr3AMCoDeR
May 13, 2016

Hello dear Cybrary people! Thank you for your great support! I'm back with another interesting article today. Since most of you were asking me different security questions lately, and most of them are related to Android, I'd like to share my view and experiences on Android as a platform. As you may know, Android is a mobile operating system (OS) currently ...

CISCO ASA Firewall Commands Cheat Sheet [Part 1]
By: Motasem
May 12, 2016

Let's begin...

Configuring trunk link and sub-interfaces between ASA and Switch

On the outside physical interface of switch1:

    Interface f0/10
    Switchport mode trunk
    No shutdown ...

Certifications, Salary Info for a Career in Penetration Testing
By: darkc0de
May 11, 2016

According to the InfoSec Institute, professional penetration testers undergo extensive training that helps them to identify high-risk vulnerabilities, allows testing of network defenders, and helps them to assess the magnitude of potential operational and business ...

Security Compliance Models: Checklists vs. Risk
By: foxpro
May 9, 2016

Introduction: There are various security compliance models that organizations can implement to do business legally and lawfully, adhere to industry standards and appeal to consumer choice. Each security and compliance model is meant to address specific areas and domains of business. There are models that are required by law, others ...

A Missing Piece That’s Hurting Your Company's Cyber Security Efforts
By: ginasilvertree
May 6, 2016

Take a moment to consider your company’s cybersecurity efforts. Do you picture your IT and security teams devising proactive technical solutions and dealing with threats? If so, that’s a typical and valid response. Yet, there’s another key piece that most companies don’t consider: business process. The ins and outs of how your company works affect cybersecurity more than you know. Ken ...

Next Generation Mobile Hacking Techniques
By: StevenE
May 6, 2016

What is Mobile Hacking? With the alarming rate of advances in technology and affordability, a New Wave of Hackers has reached the shores of the infosec world. And the preferred choice of platform for these next generation hackers? The Mobile Phone. The Mobile Platform is ideal since modern phones are easily concealable and heavily spec'ed, ...

Explanation of DDoS Attacks and SQL Injections
By: Antr4ck
May 6, 2016

In most articles about hacking attacks, you usually learn of attacks by groups like Anonymous, LulzSec and AntiSec. And you've also heard about websites and platforms that have been hacked, including Sony, for example. But are you aware of the methods used to break down these services? There are many tools and techniques that some hackers ...

Tradecraft Tuesday – COM Scriptlets and the Squiblydoo Attack
By: kylehanslovan
May 3, 2016

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to join in, ask ...

Exchange: How to Hide Disabled Users from the Global Address List (GAL)
By: xyra
May 3, 2016

When a user leaves the company, often the Exchange mail account is deleted and the user account gets disabled. In this way, the former employee cannot access corporate data, but he still appears in the Global Address List (GAL) for internal staff. He can still be selected in the address book and is also still visible in the team calendar. The ...