0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Passwords (Those Things Your Users Tape to Their Monitors)
By: RoninSmurf
June 27, 2016

The intention of this guide is to help educate users on the importance of strong passwords and password practices. Passwords tend to be our first line of defense in securing our personal accounts, information, and livelihood. Ok, to be fair sometimes it's under their keyboards if they are trying to be sneaky about ...

Sunday's Cyber Security Fact - Operation “Get Rich or Die Trying” (June 26, 2016)
By: ginasilvertree
June 26, 2016

Operation “Get Rich or Die Trying” — Beginning in 2005 and for a more than a three year period, American hacker Albert Gonzalez, along with accomplices in Russia and the Ukraine, pulled off what has been called the largest cyber crime of all time, stealing more than 170 million credit card and ATM numbers. Total losses were ...

CyberPop - What Does 'Kill Chain' Mean?
By: ginasilvertree
June 24, 2016

CyberPop is a quick way to learn definitions, terms and facts about cyber security.  Today's Question: What does 'Kill Chain' mean? Kill Chain is a "military-inspired term encompassing the various stages of a cyber attack—reconnaissance, weaponization, delivery, exploitation, installation, command and control, and action. Applies mainly to malware attacks, and was popularized by Lockheed Martin." Never. Stop. Learning. >> Browse ...

CISCO ASA Firewall Commands Cheat Sheet [Part 7]
By: Motasem
June 24, 2016

Hello folks! Here we go with the 7th part of the CISCO ASA Firewall Commands Cheat Sheet. This part will briefly explain how to control your network traffic and prioritize some traffic over others, using QOS. Also, it will give you a simple way to integrate security service modules with ASA to form an Intrusion Prevention System.Let's begin... ...

Infosec 101 - SSH Tutorial
By: GodSpeed
June 23, 2016

The Infosec 101 series is geared towards relatively new members of the information security domain and will include some basic, yet important, concepts. This is the first post in the series.  SSH stands for secured shell. It works on TCP port 22 and is used for remote administration. It's an asymmetric cryptographic protocol and, hence, makes ...

Launch a Client-Side Attack Using Excel Files
By: Chilico
June 23, 2016

Hello Cybrarians, once again,In this article, we'll discuss client-side attacks with Excel files.Client-side attacks are always a fun topic for attackers today. As network administrators and software developers fortify the perimeter, pentesters need to find a way to make the victims open the doors for them to enter the network.Client-side attacks require user interaction, such as enticing victims to ...

Anonymize Yourself on a Network (Change Your MAC Address)
By: sheeraz ali
June 22, 2016

Welcome! Let's get started... Changing the MAC Address with the MAC Changer in Kali Linux As a Hacker, you should know that being anonymous is really important. In some great hacking books, they write that hiding yourself is the first step of hacking. Especially when you're attacking a network, you should know that your physical ...

Machine Learning is Imperative for the Detection and Mitigation of Cyber Threats
By: pankaj1251
June 22, 2016

There's lot of buzz around machine learning. The days aren't far when the machine learned data will be like other commoditized security products such as Antivirus, firewalls, etc. What we largely see in today’s landscape allows enterprises to collaborate with various environments through grid computing and on-demand/on-the-fly platforms. While we're enhancing the business productivity, this is simultaneously ...

Payload Customization with Metasploit
By: S-Connect
June 21, 2016

Why would we need custom payloads? Likely in situations where we launched Metasploit, but no session is created or it seems like the Antivirus software got popped. Being a penetration tester , you have to overcome. It always seems like antivirus software is a hurdle. The best possible way to avoid antivirus software is to use custom payloads.Create your ...

"Done for You" List of Exploit/Exploitation Videos
By: ginasilvertree
June 21, 2016

According to the pentest-standard.org website, "The purpose of the Post-Exploitation phase is to determine the value of the machine compromised and to maintain control of the machine for later use. The value of the machine is determined by the sensitivity of the data stored on it and the machines usefulness in further compromising the network. The methods ...