0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

[podcast] R-CISC Exec. Dir. Brian Engle, on threat intel
By: BrBr
March 9, 2016

https://traffic.libsyn.com/brakeingsecurity/2016-009-brianenglerciscinformationsharing.mp3
We've reached peak "Br[i|y]an" this week when we invited our friend Brian Engle on to discuss what his organization does. Brian is the Executive Director of the Retail Cyber Intelligence Sharing Center - R-CISC. "Created by retailers in response to the increased number and sophistication of attacks against the industry, the R-CISC provides another tool in retailers’ arsenal against cyber criminals ...

[podcast] History of DNS, DNS reconnaissance in pentests, and protecting your DNS infrastructure
By: BrBr
March 7, 2016

https://traffic.libsyn.com/brakeingsecurity/2016-010-DNS_Reconnaissance.mp3
DNS... we take it for granted... it's just there. And we only know it's broken when your boss can't get to Facebook. This week, we discuss the Domain Naming System (DNS). We start with a bit of history, talking about the origins of DNS, some of the RFCs involved in its creation, how its hierarchical structure functions to allow resolution to ...

Configure Two-Factor Authentication for SSH (Linux) in 8 Steps
By: solhuebner
March 7, 2016

Let's begin!
1 - Make sure the server time is correct.
2 - Configure NTP:
    apt-get install ntp
    service ntp reload
    ntpq -p
3 - Install the package that enables two-factor authentication. You can find the project here: https://github.com/google/google-authenticator
4 - Configure two-factor authentication:
    apt-get install libpam-google-authenticator
    vi /etc/pam.d/sshd
Add the following line on top: ...

The Era of False Secure IT Advertising and Consumers at Large
By: zTribialCoders
March 7, 2016

“The Era of False Secure IT Advertising and The Consumers At Large” – by jim white, Cybrary librarian student. One of my favorite passions is the study of law in a hobby sort of way. Maybe because I am a certified veterans paraprofessional, a kind of paralegal for Veterans laws, tasked to protect the veterans, widows and orphans. ...

Windows XP Netapi Exploitation
By: GodSpeed
March 7, 2016

In this article, I'll show you how easily you can exploit a system running Windows XP using the Netapi exploit. Before we start, you might be wondering why you'd exploit an old version of Windows. My answer is: you gotta take baby steps before you can run.
Lab Setup:
-> A Windows XP virtual machine with SP2/SP3 (I used SP2)
-> A Kali Virtual ...

Cybersecurity Hacks That Should Have Taught Us a Lesson
By: Batwoman
March 4, 2016

Observing and taking note of a cybercrime method doesn't always equate to taking proactive actions against it. While this might sound like companies and organizations simply aren’t paying attention, it has more to do with their belief that their existing protection against cybercrime is enough to avoid a breach. There ...

Cyber Security Degrees Remain Critical, Though Certs Drive the Industry
By: ryan c
March 3, 2016

Diving a little deeper
Previously, I've written about the value of cyber security degrees and wanted to dive a little deeper into this topic. Lately, I have had a series of conversations on this topic. The opinion I've formed on the subject seems to represent a large consensus. Many jobs in cyber security require people to have a certification. ...

Apple's Battle for Privacy
By: Rattar
March 3, 2016

Recently in the news, there have been many reports that say that the FBI is fighting Apple. FBI stated that they want Apple to create a backdoor for Apple devices to catch terrorists. The FBI even pressured Apple, but they responded with a public letter stating that they will not create the backdoor and there is a good reason why...security. ...

A Quick Way to Check Encryption on WiFi Connections
By: Stickman
March 2, 2016

Here's a quick way to check the encryption of your WiFi connections:
1 - Open your terminal in Linux and run the following command: Find the ID for your wireless adapter, run ifconfig, scroll down until you see WLAN followed by a number. Most of the time it would be wlan0.
2 - After ...

Psychological Reconnaissance
By: CyberRat
March 2, 2016

As most of you know, social engineering can be exceptionally powerful. In all cases, a social engineering assault is only as good as the engineer. Every fruitful hack - technical or socially engineered - must have been supported by reconnaissance. This kind of reconnaissance we're discussing here isn't recon of a machine, but of the victim. Recon for social engineering ...