0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Bypass SSH /bin/false Shell
By:
January 1, 2016

Is it possible to get a remote shell with ssh, if it is set to /bin/false instead of bash? is there a way to exploit ssh port forwarding (not DOSing)? If you're already on the system via another user: sudo -u username /bin/bash Also, you could backdoor /bin/false A good read: https://commandline.ninja/2012/05/06/binfalse-sbinnologin-and-ssh/ Thanks, Adam, very interesting link!

Bypass All Anti-viruses By Encrypted Payloads With C#
By:
January 1, 2016

Some people asked me about how you can bypass all AV anti-viruses? My answer is: very simple article : Bypass all anti-viruses by Encrypted Payloads with C# link: https://www.linkedin.com/pulse/bypass-all-anti-viruses-encrypted-payloads-c-damon-mohammadbagher?trk=pulse\_spock-articles Hi, thanks for this amazing article, where can i get this source code or is there a specific course talks about how to write and build such that algorithm?

Buscador Linux VM For OSINT
By:
January 1, 2016

Buscador Investigative Operating System Buscador is a Linux Virtual Machine that is pre-configured for online investigators. It was developed by David Westcott and Michael Bazzell, and distributions are maintained on this page. The current build is 3GB and includes the following resources (Further Info): Custom Firefox Install and Add-Ons Custom Chrome Install and Extensions Tor Browser Custom Video Manipulation Utilities ...

Burp Suite Vs Beef Erowser Exploit?
By:
January 1, 2016

Hi you all, Please can someone explain to me: a) difference between these two? b) When and whay you would use one and not the other? By this I mean what BeEf do that Burp can't and vise-versa. Thanks I'll be honest, I haven't used BeEF much, but BeEF looks to me to be more related to targeting web browsers, while ...

Bug Bounty!
By:
January 1, 2016

I came to know that many pen-testers are earning money by finding exploits in any organizations, web services, websites etc., Can any one tell me how they find the bugs or exploits and get rewarded! Please can you give me an example Thank You. Recon is the most essential part of it. In other words you scan the target for weeks ...

BruteForce Script For POP3 Server In Python
By:
January 1, 2016

Hi! I´d like to share my blog with you: https://mamaquieroserpentester.blogspot.com.ar/2015/06/armando-nuestro-script-de-fuerza-bruta.html Here, you will find a little script to try users and passwords against a POP3 server. Enjoy! Hey, don't you think it would be more useful for everyone when your blog is in english? @cz3kit : it probably would be more useful if it were in english, but it not being in ...

Brute Force Password Tools List
By:
January 1, 2016

Brute Force Password Testing THC Hydra - https://github.com/vanhauser-thc/thc-hydra A very fast network logon cracker which support many different services. See feature sets and services coverage page - incl. a speed comparison against ncrack and medusa. Brutus - https://technosnoop.com/2016/03/download-password-cracker-brutus/ Brutus is one of the fastest, most flexible remote password crackers you can get your hands on - it's also free. It ...

BlackArch Linux (v. Kali)
By:
January 1, 2016

Greetings, all. I've seen Kali Linux mentioned often here (not a surprise). I'm using BlackArch, a version of Arch with a full suite of pentesting tools. Will this be adequate for taking this course or should I install Kali in a VM? Is anyone else using (or had experience with) BlackArch? TIA. Which ever you feel comfortable with linux commands ...

Best Phone For Hacking ?
By:
January 1, 2016

i am bored with my old smart phone & i was thinking about buying a new one but this time i was thinking about a phone which i can use for pentesting i do have a laptop for hacking but.. laptop is heavy + when ever i open lappy all people around me are like "WTF are you doing..?" & ...

Best Path To Certified Ethical Hackers CEH?
By:
January 1, 2016

Just got a BS in Computer Science, I'm under 25. I have A+, Sec+, and a few years of part time help desk experience. A month ago I some how managed to land a full time Information Assurance/ Cyber Security gig. For this job (or rather the positions a level up on the totem pole), CISSP is Gold Star and ...