0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Infosec Professional's Guide to Managing Smartphone Apps
By: RoninSmurf
January 20, 2016

[caption id="attachment_56548" align="aligncenter" width="800"] Smartphones make our lives easier and keep us entertained with a wonderful array of apps.[/caption]  Testing Apps Given how much information is on our phones, it's of little surprise to see the rise of malware, spyware and viruses. Even though each of the major vendors verifies uploaded apps, it's pretty easy to sneak in malicious ...

9 Cloud Security Threats You Should Know
By: bluemonk12
January 20, 2016

NOTE: The following is the research paper I did for the Cloud Essentials class at school.  It's mostly an overview of basic security concepts and attacks.  If you need clarification on any point or would like to help clarify any point, please contact me.    Cloud Security Threats and Preventions   ...

[podcast] Anti-virus (...what is it good for... absolutely nothing?)
By: BrBr
January 17, 2016

Anti-virus products... they have been around for as long as many of us have been alive. The first anti-virus program, "The Reaper" was designed to get rid of the first virus 'The Creeper' by Ray Tomlinson in 1971.This week, we discuss the efficacy of anti-virus. Is it still needed? What should blue teamers be looking for to make their#anti-virus work ...

Part 1: CHFI and DIGITAL FORENSICS – Acquiring Disk Image with FTK IMAGER
By: bjacharya
January 16, 2016

Hello and welcome to this new series of Student Video Tutorial. This series is basically related Digital Forensics. I'll cover wide range of Digital Forensics together with Computer Hacking Forensic Investigator, CHFI.Video Demo/Lab :   CHFI & Digital Forensics [Part 1] – FTK IMAGER   or ( https://youtu.be/3z3Iau04gt8 ) Ok now, let’s get started. We'll cover: Digital Forensics: We'll ...

Building Threat Analyst Centaurs Using Artificial Intelligence
By: klowe
January 14, 2016

When you think of a centaur, thoughts of a mythical creature that can perform threat analysis doesn't exactly come to mind, does it? Enter Recorded Future's artificial intelligence system - poised to provide both intelligence and strength to uncover hidden threat actors upon our systems. In this way, Recorded Future's  use of AI techniques in the security realm ...

Basic Hacking with Firefox (Part 1): Information Gathering
By: Hacker542
January 14, 2016

Basic Hacking with Firefox (Part 1): Information Gathering Hacking itself consist of different phases. All steps are necessary to perform. The first and most important step is information gathering about a site. During information gathering, information about the HOST and Name servers, IPs, URLs and hidden URLs, HTTP Headers, Cookies, methods and technologies used ...

It's 2016...and Recorded Future is Naming the 3 Hottest Security Trends for the New Year
By: klowe
January 13, 2016

 As every security professional knows, for every 'Happy New Year!' shout, hoot and holler, there's a heck of a lot additional commotion going on surrounding another issue---a new year of new security threats.And while it's no secret that 2016 will bring along a hoard of headline-grabbing security incidents, it's important to know what the experts think will be the ...

Part 2: Protecting Your Data in Linux - A Deeper Look at Disk Encryption
By: zhak
January 12, 2016

Creating initramfs These steps are to be performed in chroot environment during installation of Linux distribution of your choice. Finally, comes the most exciting (and complicated) part – creation of initramfs!Initramfs is a root filesystem that's embedded into the kernel and loaded at an early stage of the boot process. It provides early userspace, which ...

[podcast] Cryptonite - or how to not have your apps turn to crap
By: BrBr
January 11, 2016

This week, we find ourselves understanding the#Cryptonite that can weaken devs and software creators when dealing with #cryptographic #algorithms and #passwords. Lack of proper crypto controls and hardcoded passwords can quickly turn your app into crap.Remember the last time you heard about a hardcoded#SSH private key, or have you been at work when a developer left the #API keys in ...

Part 1: Protecting Your Data in Linux - A Deeper Look at Disk Encryption
By: zhak
January 8, 2016

This article is not for complete newbies, but for juniors who already know a bit about Linux,. They can install a new system themselves and have at least basic knowledge about cryptography in general and methods of encrypting data/block devices in Linux (in particular).We'll speak about: How to do complete full disk (/dev/sda) encryption with dm-crypt ...