0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Meterpreter: Remote Desktop
By: Multi Thinker
July 14, 2015

As I said before, when we have session open in meterpreter or we have access to cmd, we can add rules for the firewall to accept our connection or to disable the firewall. Let's use method getgui -u -p: -u stands for username and -p stand for password. When we're in someone's computer cmd (command prompt), we ...

Pass The Hash
By: Multi Thinker
July 14, 2015

Hi once again,Using this method, all we need is an SMB ( LAN ) fully compromised PC user-name, as we have recently exploited WindowsXp SP 2. Now that we know his user-name, we need to move into the LAN to other PCs.Let's begin...Running the Metasploit console, I assume you have Metasploit opened and ...

Metasploit: Incognito Attack
By: Multi Thinker
July 14, 2015

Hi there,This is Metasploit part 1. In a recent article, we learned about the basics and a little bit of configuration. Here, we'll be a little more advanced. Meterpreter What's meterpreter? Meterpreter is a DLL injector, mostly used to hijack windows security. A list of commands can let us overtake security of Windows and make changes ...

The Unconventional Guide to Network Security 1.1
By: ram
July 10, 2015

Leveraging CompTIA’s list of Security+ Exam Objectives ( https://certification.comptia.org/docs/default-source/exam-objectives/comptia-security-sy0-401.pdf ), I'll go through each element and provide examples. This article covers the first domain, Network Security (1.0), with its first sub-heading (1.1). The examples are not in any particular order, preference, or recommendation. They’re just quick and ...

Definitions in CompTIA Security+ (German translation)
By: Laird
July 10, 2015

Sicherheitssysteme und Applikationen: All-in-one Security Appliance – Modulares System, mit verschiedenen Sicherheitslösungen:1. IPS - intrusion protection system, schützt vor großformatige Angriffe2. IDS - intrusion detection system, identifiziert Angriffe durch AngriffsmusterHost-basiert: auf jedem Rechner installiertNetzwerk-basiert: Ein Sensor überwacht das gesamte NetzHybrid: Mischung aus Host-basiert und Netzbasiert3. Web filtering (Content Filter) – Filterung bestimmter Inhalte ...

Definitions in CEH (German Translation)
By: Laird
July 10, 2015

Skills:                 Verstehen wie Computer arbeiten, sicherer Umgang mit verschiedenen OS,   Hardwarevorausetzungen der OS kennen, Kommunikation mit anderen Sicherheitsspezialisten Klassifikationen:                 Black Hat Hackers: kriminelle, auf persönlichen Profit ausGrey Hat Hackers:  Mischung  aus Black und White HatWhite Hat Hacker (Ethical Hacker): Beschützen mit ihren Computer skills            InformationssystemeSecurity Providing Organizations:  Organisation die Sicherheit für andere übernehmenStufen:Script kiddies: ...

PowerShell Exploit Using SEToolkit
By: ^Graff
July 10, 2015

PowerShell Exploit Using SEToolkit In this tutorial, I'm going to show you how you can compromise any Windows computer that has PowerShell installed on it. The scope of this tutorial is to: Show you how to open a Meterpreter session on a victim's computer. Help ...

5 Elements to Explore in Metasploit Basics
By: Multi Thinker
July 9, 2015

Hi once again,In this security article, I'll define the framework of Metasploit .We'll cover following topics (there are many more of them and we'll cover them in my next article): What is Metasploit? What Can We Do with It? Understanding Metasploit CLI Commands and Exploit Attacks ...

An In-Depth Look at Ransomware
By: Johnny Confidence
July 9, 2015

What is Ransomware? Ransomware is a generic term for a family of malware, which, once active on your systems, searches for documents and pictures then encrypts them. Once encrypted the malware leaves a note with instructions on how to pay the attacker to receive a key allowing decryption of your files. ...

Don't Be the Victim of Cyber Fraud
By: DocGreenBanner
July 9, 2015

As a volunteer with a cyber crime-non profit, I've recently worked a case involving fraud.I'd like to share the following techniques to avoid fraud from electronic media, such as social media and email. And, the same information can also apply to in-person, phone or mail solicitations. First of all, if it sounds too good to be true, it very likely ...