0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

5 Elements to Explore in Metasploit Basics
By: Multi Thinker
July 9, 2015

Hi once again,In this security article, I'll define the framework of Metasploit .We'll cover following topics (there are many more of them and we'll cover them in my next article): What is Metasploit? What Can We Do with It? Understanding Metasploit CLI Commands and Exploit Attacks ...

An In-Depth Look at Ransomware
By: Johnny Confidence
July 9, 2015

What is Ransomware? Ransomware is a generic term for a family of malware, which, once active on your systems, searches for documents and pictures then encrypts them. Once encrypted the malware leaves a note with instructions on how to pay the attacker to receive a key allowing decryption of your files. ...

Don't Be the Victim of Cyber Fraud
By: DocGreenBanner
July 9, 2015

As a volunteer with a cyber crime-non profit, I've recently worked a case involving fraud.I'd like to share the following techniques to avoid fraud from electronic media, such as social media and email. And, the same information can also apply to in-person, phone or mail solicitations. First of all, if it sounds too good to be true, it very likely ...

Security Awareness, Now Available at Cybrary!
By: ryan c
July 9, 2015

Great news! Our End User Security Awareness training course, is now available from Cybrary. No matter how well trained the cyber security staff is within your organization, the greatest vulnerability remains just that, a huge vulnerability, if it remains unmitigated. It is widely known that the primary cause of data breaches within organizations comes ...

Xpath Injection (Final)
By: Multi Thinker
July 8, 2015

Testing and confirming Xpathi Testing for Xpath and confirming are the most important parts. Most of us, and specially the readers of security idiots, see SQLi everywhere and anywhere they find an error - even if the error is a Conversional Error, Internal Error or Programming Error. Sometimes, people assume that getting blocked by WAF upon typing "Union ...

XPath Injection (Part 2)
By: Multi Thinker
July 8, 2015

The XML Example Document. We'll use the following XML document in the examples below. <?xml version="1.0" encoding="UTF-8"?><bookstore><book> <title lang="eng">Harry Potter</title> <price>76.99</price></book><book> <title lang="eng">Learning XML</title> <price>22.95</price></book><book> <title lang="eng">Learning XPATH</title> <price>30.20</price></book><book> <title lang="eng">Learning Secrets of Injections</title> <price>50.99</price></book><book> <title lang="eng">Learning Programming</title><price>53.45</price></book></bookstore> Selecting NodesXPath uses path expressions to select nodes in an XML document. The node ...

Evil Twin Attack Using Kali Linux
By: ^Graff
July 7, 2015

Evil Twin Attack using Kali Linux By Matthew Cranford I searched through many guides, and none of them really gave good description of how to do this. There's a lot of software out there (such as SEToolkit, which can automate this for you), but I decided to write my own. The scope of this ...

Recommended: Strong Passwords Technique
By: rubins
July 7, 2015

I hope this helps others; I find this helpful and useful for my accounts.My technique of using strong and different passwords for any accounts is done through the use of the message digest or hash value. The calculated hash value of a certain word or file is what I used as my password.A strong password must include the following: ...

Minimize Vulnerability to VMEscape
By: ryan c
July 3, 2015

Are you familiar with the process of a virtual machine's OS separating from its parent's hypervisor, which is known as VMEscape? Are you familiar with the key vulnerabilities that exist within the VMEscape process? Here is how you mitigate security risks in VMEscape: Keep virtual machine software patched. Install only the resource-sharing features that ...

Use this Safeguard Before Your Android Phone is Lost or Stolen
By: Er. Ragini
July 3, 2015

Hi Team,Here's something interesting about Android phone security. You can protect your phone as well safely store information inside the phone. It's possible this information won't be new for all, but trust me, if you don't know this, it could be very beneficial.If your phone has been lost or stolen, you can: Lock your phone. ...