0P3N Blog

Cybrary’s Open Blog is a user-contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Certifications, Salary Info for a Career in Penetration Testing
By: darkc0de
May 11, 2016

According to the InfoSec Institute, professional penetration testers undergo extensive training that helps them to identify high-risk vulnerabilities, allows testing of network defenders, and helps them to assess the magnitude of potential operational and business ...

Security Compliance Models: Checklists vs. Risk
By: foxpro
May 9, 2016

Introduction: There are various security compliance models that organizations can implement to do business legally and lawfully, adhere to industry standards and appeal to the consumer choice. Each security and compliance model is meant to address specific areas and domains of business. There are models that are required by law, others ...

A Missing Piece That’s Hurting Your Company's Cyber Security Efforts
By: ginasilvertree
May 6, 2016

Take a moment to consider your company’s cybersecurity efforts. Do you picture your IT and security teams devising proactive technical solutions and dealing with threats? If so, that’s a typical and valid response. Yet, there’s another key piece that most companies don’t consider: business process. The ins and outs of how your company works affect cybersecurity more than you know. Ken ...

Next Generation Mobile Hacking Techniques
By: StevenE
May 6, 2016

What is Mobile Hacking? With the alarming rate of advances in technology and affordability, a New Wave of Hackers has reached the shores of the infosec world. And the preferred choice of platform for these next generation hackers? The Mobile Phone. The Mobile Platform is ideal since modern phones are easily concealable and heavily spec'ed, ...

Explanation of DDoS Attacks and SQL Injections
By: Antr4ck
May 6, 2016

In most articles about hacking attacks, you usually learn of attacks by groups like Anonymous, LulzSec and AntiSec. And you've also heard about websites and platforms that have been hacked, including Sony, for example. But are you aware of the methods used to break down these services? There are many tools and techniques that some hackers ...

Tradecraft Tuesday – COM Scriptlets and the Squiblydoo Attack
By: kylehanslovan
May 3, 2016

What is Tradecraft Tuesday? Every Tuesday at 12pm ET, Chris Bisnett and Kyle Hanslovan expose the techniques used by hackers. With their 20 combined years in offensive cyber security and digital forensics, Chris and Kyle cover a new topic each week in a LIVE video chat. These unrehearsed conversations allow anyone to join in, ask ...

Exchange: How to Hide Disabled Users from the Global Address List (GAL)
By: xyra
May 3, 2016

When a user leaves the company, often the Exchange mail account is deleted and the user account gets disabled. In this way, the former employee cannot access corporate data, but he still appears in the Global Address List (GAL) for internal staff. He can still be selected in the address book and is also still visible in the team calendar. The ...

The Unconventional Guide to Network Security 1.4
By: ram
May 2, 2016

Network Security 1.4: Given a scenario, implement and use common protocols. Based on CompTIA’s list of Security+ exam objectives (their PDF list of domains is found here: https://certification.comptia.org/docs/default-source/exam-objectives/comptia-security-sy0-401.pdf), I’ll go through each one and give details and examples of each so you know what each listed item means. Where I ...

Hacking WPS via Pixie Dust Attack
By: Joshua H.
April 22, 2016

This Cybrary 0P3N submission will cover how to use tools such as aircrack suite, Reaver, Pixiewps, & HT-WPS#B to exploit a WPS vulnerability in certain routers. This attack is carried out on a machine running Kali Linux. (Kali comes pre-packaged with the mentioned tools aside from HT-WPS#B.) Here is a list of vulnerable routers: Spreadsheet of Routers Vulnerable to ...

[PODCAST] Episode 22 The one after the long break
By: CyDefe
April 21, 2016

On this week's episode we discuss checking for malware in your firmware with Google's VirusTotal, getting pwned by Hearthstone hacking tools, Fake Flash Update Serves OS X Scareware, and the FBI trying to scrub its employees' data off of the web. Check out the podcast at https://www.cydefe.com/podcast/2016/4/12/episode-22-the-one-after-the-long-break