0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

How to Exploit a Poorly Configured SMB
By: Kl4us
August 1, 2016

What's an SMB? SMB, which stands for Server Message Block, is a protocol for sharing files, printers, serial ports and communications abstractions such as named pipes and mail slots between computers. SMB is a client-server, request-response protocol. The only exception to the request-response nature of SMB (that is, where the client makes requests and the server sends back ...

What You Should Know about MAC and IP Addresses
By: nishan8583
August 1, 2016

MAC and IP addresses are two important topics that a person involved in the Computer Networking   and Computer Security fields should know about.These topics are discussed below.  1.MAC Address A MAC address is a address that is burned into the hardware itself during the manufacturing period and it cannot be changed. MAC addresses are 48 ...

How To Read Email Headers and Find Internet Hosts
By: S-Connect
July 31, 2016

Now, some of you may think headers are too simple or boring to waste time on. However, a few weeks ago I asked the 3000+ readers of the Happy Hacker list if anyone could tell me exactly what email tricks I was playing in the process of mailing out the Digests. But, not one person replied with a complete ...

CyDefe podcast update.
By: CyDefe
July 30, 2016

Hey hey everyone,It's been a little while since we've last posted but we figured we should pop on here and give everyone an update on our podcast.Since we've last posted we've had a few awesome episodes come out.Minicast: 1 https://www.cydefe.com/podcast/2016/5/20/minicast-episode-1On this episode we discuss the linked in breach and its impact on users. We advise everyone to change any passwords they ...

What You Should Know About Cryptography
By: mrNayaNi
July 29, 2016

INTRODUCTION: Hello all, this article is about Cryptography.We're going to talk about: What is Cryptography Goals of Cryptography What is Encryption What is Decryption Asymmetric Encryption Symmetric Encryption ...

Part 2: Bypass a Web Application Firewall (WAF)
By: S-Connect
July 29, 2016

Function Capitalization Technique:- For those WAF's, which filter only lowercase, we can easily bypass: Query! https://lxy.com/cost.php?id=90 UNION SELECT 1,2,3— Bypass! http://lxy.com/cost.php?id=-90 uniOn SeLeCt 1,2,3—  Replaced Keywords Technique:- For those WAF's, which escape certain keywords such as UNION, SELECT, ORDER BY, and so on: Query! http://abcxyz.com/itemdetail.php?id=-57 UNION SELECT 1,2— Bypass! http://abcxyz.com/itemdetail.php?id=-57 UNIunionON SEselectLECT 1,2—Sqlihttp://xyz.com/pricing.php?id=32 union all select 1,2,3—-By passed Sqlihttp://xyz.com/pricing.php?id=32 /!UNION/ +/!ALL/+/!SELECT/+1,2,3—-  Stay ...

Prashant's Algorithm for Password Management
By: Prashant Kumar Dey
July 28, 2016

Prashant's Algorithm for Password Management Introduction We've seen many forms of Social Engineering Attacks (SEA). The main aim of these SEA are to exploit the human vulnerability. The biggest vulnerability in Cyber Security is the human. Consider the following: There's significant increase in websites and, without ...

Python Programming For Hackers (Part 5) - Cracking Zipped Passwords
By: bjacharya
July 28, 2016

Welcome to next part, Python Programming For Hackers (Part 5) - Cracking Zipped Passwords   > Before starting, you must be familiar with .RAR and .ZIP > This process quickly tries for different passwords. If it misses, then it moves to the next one. If the password matches, then the zip file is easily extracted.   ...

A Comprehensive Guide to TCP/IP
July 27, 2016

This is a comprehensive guide to TCP/IP. I'll try to keep it as concise as possible. It may to be too simple for some of you.If you need all the TCP/IP details, go to your local bookstore and buy on of these books with 1000+ pages on TCP/IP. We'll gloss over the history of TCP/IP and the Internet, unless ...

[podcast] Cheryl Biswas discusses TiaraCon, Women in Infosec, and SCADA vendor headaches
By: BrBr
July 27, 2016

[embed]https://traffic.libsyn.com/brakeingsecurity/2016-028-CherylBiswasTiaraconICSSCADAheadaches.mp3[/embed] Long time listeners will remember Ms. Cheryl#Biswas as one of the triumvirate we had on to discuss #mainframes and mainframe #security. ( http://traffic.libsyn.com/brakeingsecurity/2016-008-mainframe_secruity.mp3) I was interested in the goings on at BlackHat/DefCon/BsidesLV, and heard about#TiaraCon (@tiarac0n on Twitter). I went to find someone involved to understand what it was all about, and Ms. Cheryl reached out. She's an #organizer and ...