0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

METASPLOIT/ METASPLOITABLE2
By: @vinea
March 14, 2016

The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools. After the virtual machine boots, login to console with username msfadmin and password msfadmin. From the shell, run the ifconfig command to identify the IP address. To get your IP address you must configure VM on Bridge adapter mode.eth0 ...

CCNA - ICND1-001
By: layman
March 10, 2016

** Cisco Certified Networking Associate (CCNA) is an entry point for a future networking professional. It gives us an overview of the networking world and provides us with a solid foundational knowledge in the area.CCNA consists of two exams: ICND1 and ICND2. Upon successful completion of ICND1 you become a Cisco Certified Entry-level Networking Technician (CCENT). CCENT combined with ...

The Nmap Scanning Guide
By: Bl4CksPId3r
March 10, 2016

"Nmap (Network Mapper) is a security scanner originally written by Gordon Lyon (also known by his pseudonym Fyodor Vaskovich) used to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses. The software provides a number of ...

[podcast] R-CISC Exec. Dir. Brian Engle, on threat intel
By: BrBr
March 9, 2016

[embed]https://traffic.libsyn.com/brakeingsecurity/2016-009-brianenglerciscinformationsharing.mp3[/embed]We've reached peak "Br[i|y]an" this week when we invited our friend Brian Engle on to discuss what his organization does. Brian is the Executive Director of the Retail Cyber Intelligence Sharing Center - R-CISC."Created by retailers in response to the increased number and sophistication of attacks against the industry, the R-CISC provides another tool in retailers’ arsenal against cyber criminals ...

[podcast] History of DNS, DNS reconnaissance in pentests, and protecting your DNS infrastructure
By: BrBr
March 7, 2016

[embed]https://traffic.libsyn.com/brakeingsecurity/2016-010-DNS_Reconnaissance.mp3[/embed] DNS... we take it for granted... it's just there. And we only know it's broken when your boss can't get to Facebook.This week, we discuss the Domain Naming System (DNS). We start with a bit of history, talking about the origins of DNS, some of the RFCs involved in it's creation, how it's hierarchical structure functions to allow resolution to ...

Configure Two-Factor Authentication for SSH (Linux) in 8 Steps
By: solhuebner
March 7, 2016

Let's begin! 1 - Make sure the server time is correct. 2 - Configure NTP: apt-get install ntp service ntp reload ntpq -p  3 - Install the package that enables two-factor authentication. You can find the project here: https://github.com/google/google-authenticator 4 -Configure two-factor authentication: apt-get install libpam-google-authenticator vi /etc/pam.d/sshd Add the following line on top: ...

The Era of False Secure IT Advertising and Consumers at Large
By: zTribialCoders
March 7, 2016

“The Era of False Secure IT Advertising and The Consumers At Large” – by jim white, Cybrary librarian student.) One of my favorite passions is the study of law in a hobby sort of way. Maybe because I am a certified veterans paraprofessional, a kind of paralegal for Veterans laws, tasked to protect the veterans, widows and orphans. ...

Windows XP Netapi Exploitation
By: GodSpeed
March 7, 2016

In this article, I'll show you how easily you can exploit a system running Windows XP using the Netapi exploit.Before we start, you might be wondering why you'd exploit an old version of Windows. My answer is: you gotta take baby steps before you can run. Lab Setup:-> A Windows XP virtual machine with SP2/SP3 (I used SP2)->A Kali Virtual ...

Cybersecurity Hacks That Should Have Taught Us a Lesson
By: Batwoman
March 4, 2016

Observing and taking note of a cybercrime method doesn't always equate to taking proactive actions against it. While this might sound like companies and organizations simply aren’t paying attention, it has more to do with their belief that their existing protection against cybercrime is enough to avoid a breach. There ...

Cyber Security Degrees Remain Critical, Though Certs Drive the Industry
By: ryan c
March 3, 2016

Diving a little deeper Previously, I've written about the value of cyber security degrees and wanted to dive a little deeper into this topic. Lately, I have had a series of conversations on this topic. The opinion I've formed on the subject seems to represent a large consensus.Many jobs in cyber security require people to have a certification. ...