0P3N Blog

Cybrary’s Open Blog is a user-contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Secure Public Key Encryption: Android Key Generation and Server Encryption
By: prometheus
July 19, 2016

Hello everyone! This article depicts a specific problem I encountered on one of my recent projects. The main problem was: ONE of my project modules had a specific functionality, which involved key generation on an Android device. The public key is transmitted to the web server, which then uses the public key sent to encrypt the requisite secret and display the encrypted ...

OSINT Tricks - A Quick Guide to Image Research
By: em
July 19, 2016

"Pics" (Photos, Logos, Icons, Maps) can be of great value in OSINT Investigations. This post is a roundup of resources and tricks. It will guide you on how to search, find, get, scrape and analyze digital images. Basic Search If you're searching for images, there is more than Google. All big search engines have an image-search feature: ...

Tradecraft Tuesday – AWS Cloud Hijacking
By: kylehanslovan
July 19, 2016

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to learn, ask questions, ...

How to Start Your Security Specialist Career
By: Jason Moon
July 18, 2016

Struggles and challenges become more difficult if you don't know where to start. If you graduated from a very promising school, but don't have the required experience and skills needed to land the job, the chances of your resume being viewed by prospective employers might be slim. Information from this article is based on my personal experience and on experiences ...

Part 1: XSS Exploitation and Code Analysis
By: Chilico
July 18, 2016

Today, I'll solve the XSS challenges from the "Web For Pentesters" vulnerable app and analyze the code behind what we see. Let's start... Example 1: What does the code above do? It GETs the parameter "name" and echoes it back to the user. Also, we will not see any input sanitization on this example, so ...

Free and Useful Tools for DNS and Network Troubleshooting
By: 5kYp01n7
July 18, 2016

When troubleshooting network or DNS problems related to your website, server or other online services, free and useful tools can help you reduce your troubleshooting time. I'll go through five categories of functionality, covering tools that let you: Perform DNS lookups Perform ...

Sunday’s Cyber Security Fact: Apple iOS Users Face More Risk (July 17, 2016)
By: ginasilvertree
July 17, 2016

"Thanks to Apple’s tight control over its app store and operating system, threats to iPhones and iPads have been infrequent and limited in scale. This changed in 2015. In 2015, [Symantec] identified nine new iOS threat families, compared to four in total previously. Bootlegged developer software, ...

A Cautionary Tale about PHP Secure Coding Techniques
By: V
July 15, 2016

Common Methods to Secure PHP Application Input Data PHP is one of the most versatile languages in recent history for web applications, sites and services. But, this versatility means it also has large vectors for exploitation and attack, which has led many to scrutinize the language as flawed or insecure by design. However, this is a belief created and ...

CyberPop – What is SIEM?
By: ginasilvertree
July 15, 2016

CyberPop is a quick way to learn definitions and facts about cyber security. Today’s Question: What's SIEM? Answer: The combined process of incident detection and incident response (pronounced “sim”). Includes features such as alerts, analytics, dashboards and forensic analysis. Learn more terms in Cybrary's Glossary.

What's Fog Computing?
By: kartik571995
July 14, 2016

Hi All! Today, I’m going to share something about the new Cloud Technology called “The Fog Computing.” Applications such as health-monitoring or emergency response require near-instantaneous response and the delays caused by contacting and receiving data from a cloud data-center can be highly problematic. “Fog Computing” is a response to this challenge. The basic idea is to shift ...