0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Steps for web pentesting for particular web target - Information Gathering
By: CodeNinja
August 17, 2015
I am CodeNinja a.k.a. Aakash Choudhary and today I am going to contribute my little knowledge to this awesome site. Information gathering is the 1st step. Let's say I have a site: www.sitename.com. Your aim is to pentest this site as I hired you for this purpose ...
15 Ways to Protect Your Privacy Right Now
By: Fiest Kazama
August 17, 2015
This is a short post about what you can do to protect your privacy in today's world. Though nothing is 100% safe and as long as people are using technology, their privacy can be threatened. Yet, without technology - life's just no good. 1. Stop Using GOOGLE and FACEBOOK They are collecting mountains of ...
How to Find Web-Based Vulnerabilities (Manually and with Tools)
By: Kevin Mark
August 12, 2015
Hello and welcome to another one of my contributions. This time, we're going to focus on how to discover web application vulnerabilities. If you haven't read my last contribution into how to manually perform SQL Injection, I recommend you to do that after reading this. It's easy to have a tool actually do stuff for you, but you ...
Social Engineering Toolkit (SETOOLKIT) Credential Harvester
By: fr4nc1stein
August 11, 2015
Social Engineering Toolkit (SETOOLKIT) Credential Harvester using Kali. There are 2 types of Social Engineering Attack, Human Based and Computer Based; this time we are going to use a Computer Based Attack using very good tools in performing Social Engineering Attacks. Requirements: 1. An Active Internet Connection. 2. Kali Linux (Download) Overview ...
Guide: How to Manually Perform SQL Injection with UNION SELECT
By: Kevin Mark
August 11, 2015
This is not shared with you so that you'll go out now and do something illegal. I want you to read this and learn to actually train and do this on your own or use with others that have given you a thumbs up to try it out. Hello to all of you and welcome ...
Man in the Middle Attack [MITM] using Ettercap, dSniff Tools and Wireshark
By: Kevin Mark
August 11, 2015
Hello and welcome to this tutorial. As you can read in the title, we're going to perform a 'Man in the Middle Attack' using Ettercap, dSniff tools and of course, my favorite, Wireshark. Just to let you know, I've performed this attack on my Mac. For you guys that are using backbox, Kali or others, load up your terminal ...
The Unconventional Guide to Network Security 1.2
By: ram
August 7, 2015
Network Security 1.2 Based on CompTIA’s list of Security + exam objectives (their PDF list of domains is found here: https://certification.comptia.org/docs/default-source/exam-objectives/comptia-security-sy0-401.pdf ), I’ll go through each one, giving examples and details where possible, so you know better what each listed item means, does and looks like. The examples are not ...
A Synopsis of Personally Identifiable Information (PII) for End-User Security
By: ryan c
August 7, 2015
Updated October 2018. Regarding end-user security, the term PII is commonly referenced. PII, or Personally Identifiable Information, consists of data that can allow an individual to trace and/or contact another person. This type of information may indicate an individual's name, address, the type of car a person owns, credit card numbers, the names of family members, email addresses, telephone ...
Simple and Effective Password Concept
By: klrgrz
August 6, 2015
The problem with passwords is that humans are inherently lazy (hey, me too!) and Security Admins are apparently a special kind of sadist when they think users can remember an insane combination of 1337 and binary. In reality, complex password requirements traditionally lead to greater security risks because users find new ways of cheating to remember their passwords. Whether ...
Administrating Your Network Domain with PsTools
By: Matthew Williams
August 6, 2015
Using PsTools: With PsTools, there are a number of different utilities included. The two I'll focus on are: PsExec and PsShutdown. The rest are useful, too, and you can apply these techniques and batch files to them fairly easily. PsExec is used to execute remote cmd commands or processes on domain connected servers or workstations. I ...