0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Level 2 - A1 Injection (CTF)
By: bestiaNXN
November 3, 2015

This is the Level 2 write-up of the Info Sec Institute Capture the Flag for Practical Web Hacking. I'll be going over the process I used to "Capture the Flag" and then I'll explain how the web page is vulnerable.The vulnerability on https://ctf.infosecinstitute.com/ctf2/exercises/ex2.php is Injection and the instructions tell me that the goal is to run phpinfo() ...

Understanding What's Behind the Exploitation Scene in Metasploit
By: S-Connect
November 3, 2015

Welcome Back! Here, we'll analyze and understand the mechanism behind the exploitation scene, especially in Metasploit.Let's start with a scenario: an attacker executes the exploit + payload against the vulnerable service on the victim's machine. [caption id="" align="alignnone" width="393"] Figure 1.0[/caption] Above, Fig 1.0, shows a single line diagram, just to give you an idea how exploit + payload ...

Big Cybersecurity Budget Means Big Business for Defense Contractors
By: TREVORH
November 3, 2015

Following last month’s $1billion contract awarded to Raytheon from the Homeland Security Department, the Pentagon is now taking bids from defense contractors to help protect against the digital future.Big industry names such as Raytheon Co., Lockheed Martin Corp., and General Dynamics Corp. are expected to be at the forefront, competing for a contract valued at up to $460 million.While many ...

RECONSTRUCTING THE CYBER TALENT PIPELINE
By: TREVORH
November 2, 2015

A “Cyber Talent Pipeline” refers to an organization's creation of an going, readily available, talent pool to fill various cyber security jobs, as they become available. The effects of a poorly maintained pipeline is hitting the cyber security industry in full force. The supply is simply not available to meet the demand. With present reporting of over 200,000 unfilled jobs, and ...

The Unconventional Guide to Network Security 1.3
By: ram
November 2, 2015

Network Security 1.3 Based on CompTIA’s list of Security + exam objectives (their PDF list of domains is found here: https://certification.comptia.org/docs/default-source/exam-objectives/comptia-security-sy0-401.pdf ), this article covers the first domain, Network Security (1.0), with its third sub-heading (1.3). I mention any products and examples because:1. When you’re starting out it can be difficult to ...

CyDefe podcast episode 19
By: CyDefe
October 29, 2015

Episode 19 of our podcast is up at CyDefe.com/podcast. On this weeks episode we are joined by Shannon Morse. We discuss hacking chip and pin cards, malware that replaces your browser, a FitBit danger, and the rise of OS X malware.Have a listen and enjoy.

Understanding the Metasploit Framework
By: S-Connect
October 29, 2015

Finally, you're here. Before we step in, I'd like to clear up this misconception about Metasploit: Metasploit is not a tool or software; it’s a ‘Framework.’ Let's start begin: Architecture   Library REX Basic Library for most tasks Handles sockets, protocols, text transformation and others SSL, SMB, HTTP, XOR, Base64, Unicode   Msf: Core Provides the ...

NoobSec Toolkit v2: MAC Address spoofing for Anonymity and Security
By: Krintoxi
October 29, 2015

Hello, today i will be showing you a small guide to using the NoobSecToolkit tool to Spoof the MAC Address of your device for Anonymity ,Security, and confidentiality reasons. When Nick meets Mack! Every NIC has a hardware address that's known as a MAC, for Media Access Control. Where IP addresses are associated with ...

A Closer Look at Malware
By: Dr3AMCoDeR
October 29, 2015

In this discussion, I'd like to talk little more about Malware in detail. I hope that this short tutorial is useful for you. I'm not going to tell you what Malware is and how to make it, because (almost) all of you know that Malware is malicious software and that it's created with advanced programming techniques.The main difference between ...

The Essential Subnetting Cheat Sheet
By: SniperCS2
October 28, 2015

While studying for CCNA many years ago, I created this document to assist me with subnetting.  Hope you find this information helpful.   Address Space - 32 bit IPV4   11111111 11111111 11111111 ...