0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Social Engineering Toolkit (SETOOLKIT) Credential Harvester
By: fr4nc1stein
August 11, 2015

Social Engineering Toolkit (SETOOLKIT) Credential Harvester using Kali. There are 2 types of Social Engineering Attack, Human Based and Computer Based; this time we are going to use a Computer Based Attack, using very good tools for performing Social Engineering Attacks. Requirements: 1. An Active Internet Connection. 2. Kali Linux (Download) Overview ...

Guide: How to Manually Perform SQL Injection with UNION SELECT
By: Kevin Mark
August 11, 2015

This is not shared with you so that you'll go out now and do something illegal. I want you to read this and learn to actually train and do this on your own or use with others that have given you a thumbs up to try it out. Hello to all of you and welcome ...

Man in the Middle Attack [MITM] using Ettercap, dSniff Tools and Wireshark
By: Kevin Mark
August 11, 2015

Hello and welcome to this tutorial. As you can read in the title, we're going to perform a 'Man in the Middle Attack' using Ettercap, dSniff tools and of course, my favorite, Wireshark. Just to let you know, I've performed this attack on my Mac. For you guys that are using BackBox, Kali or others, load up your terminal ...

The Unconventional Guide to Network Security 1.2
By: ram
August 7, 2015

Network Security 1.2. Based on CompTIA’s list of Security+ exam objectives (their PDF list of domains is found here: https://certification.comptia.org/docs/default-source/exam-objectives/comptia-security-sy0-401.pdf ), I’ll go through each one, giving examples and details where possible, so you know better what each listed item means, does and looks like. The examples are not ...

A Synopsis of Personally Identifiable Information (PII) for End-User Security
By: ryan c
August 7, 2015

Updated October 2018. Regarding end-user security, the term PII is commonly referenced. PII, or Personally Identifiable Information, consists of data that can allow an individual to trace and/or contact another person. This type of information may indicate an individual's name, address, the type of car a person owns, credit card numbers, the names of family members, email addresses, telephone ...

Simple and Effective Password Concept
By: klrgrz
August 6, 2015

The problem with passwords is that humans are inherently lazy (hey, me too!) and Security Admins are apparently a special kind of sadist when they think users can remember an insane combination of 1337 and binary. In reality, complex password requirements traditionally lead to greater security risks because users find new ways of cheating to remember their passwords. Whether ...

Administrating Your Network Domain with PsTools
By: Matthew Williams
August 6, 2015

Using PsTools: With PsTools, there are a number of different utilities included. The two I'll focus on are: PsExec and PsShutdown. The rest are useful, too, and you can apply these techniques and batch files to them fairly easily. PsExec is used to execute remote cmd commands or processes on domain connected servers or workstations. I ...

My Journey: CCNA and SECURITY+
By: Amir
August 6, 2015

The moment you think you know something about security, you realize you don’t know anything! I'll discuss my experience pursuing a CCNA certificate and a Security+ certificate. The Beginning: In 2011, I began learning about networking through free classes in San Diego's community college continuing education programs. I started with ...

Security Awareness - How to Spot Spoofed Emails and URLs
By: ryan c
August 4, 2015

Security Awareness Training has migrated from a "nice to have" security function within an organization, to now, a "must have." In fact, more quickly than ever, companies of all sizes and industries are integrating security awareness training into their required learning for all employees. It's now a matter of simply being irresponsible if your organization doesn't have a course. One ...

Methodology of information gathering and testing in social engineering
By: Laird
July 28, 2015

Obtaining information for social engineering, or from the target organization knowingly made unwitting available. As with anything, ethical considerations should first be taken into account. To answer the question of whether the use of social engineering techniques as part of a penetration test is acceptable, it should first be shown why social engineering is ever successful: The techniques work ...