0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Using Python to Facilitate Tasks in Linux
By: Krintoxi
September 21, 2015

Hello, this is a short guide on how to use the Python Scripting language to facilitate Tasks in Linux. I'll start by giving a small overview on what Python is:According to Wikipedia," Python is a widely used general-purpose, high-level programming language . Its design philosophy emphasizes code readability, and its syntax ...

Hacked Through Phishing: An Ugly Security Awareness Lesson Learned
By: ryan c
September 18, 2015

Given we're a cyber security education company, we like to preach (maybe too much at times) about how darn important  security awareness training for employees really is. So, we thought we'd share the hideously ugly lesson that internet authority company, ICANN, learned about security awareness not too long ago.  Reliving the ICANN Phishing Hack: Phishing is ...

What Really Happens When I Press Enter
By: The Steve
September 18, 2015

Please note: some of the backslahes ( \ ) in the coding below may have been removed by the WordPress program. When you press enter, the program doesn't just run. There's an order of operations that takes place. Understanding this order can keep you from making some pretty big mistakes. Let's take a command and break apart what ...

Best Practices for a Security Operations Center
By: Joshi
September 18, 2015

I. Abstract A Security Operations Center (SOC) is an important facility for any organization that wants to address security threats, vulnerability, assessment and management. There are baselines in existence that addresses few of the security aspects, but a complete framework combining people, process and technology currently is not up to the high standards (Jacobs, Arnab & Irwin 2013). ...

What You Should Know About SQL Injection
By: Rana Daniyal Khan
September 17, 2015

SQL Injection: SQL injection  is a code  injection  technique, used to attack data-driven applications in which malicious  SQL  statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). Types : [-]Error based[-]Blind based  [1]Error based: In error based we used error through-ed ...

Firewall Tunneling Using SSH and Putty
September 17, 2015

SSH (Secure Shell) is a protocol that allows two devices exchange data with each other security in an encrypted format, hence protecting the data being transmitted. It usually uses Port 22 for all communications. For example, if you were to connect to a remote server, then there's no guarantee that your username and password would be transmitted in secure ...

Understand These 4 Network Traffic Capture Tools
By: AliceA
September 16, 2015

Traffic capture, which also is referred to as packet capture, is one activity of Penetration Testing (pentesting)*. Pentesting allows the pinpointing of vulnerabilities on a network and provides identification of suspicious packets moving across the network. Being able to Identify routine network traffic is also valuable because it provides a look at how ...

Why Using Study Guides Make a Big Difference
By: klowe
September 16, 2015

You know those times where you took an exam without studying, and still did well? We hate to break it to you, but those times don't exist in the Infosec world.  Sure, you may have one or two baby Einsteins who can sit through a five-day bootcamp ...

Python Hashcracker (Dictionary Attack)
By: CameToLearn
September 16, 2015

This is a good example of a simple Python script, which you can create in less than 30 minutes.Python is really useful for creating security tools. You can create many tools like Port Scanners, Hashcrackers, Servers and Clients...and many more.A good book I recommend reading that focuses on Python security tools is "Black Hat Python" by Justin Seitz.Without further ...

Understanding Linux Input, Output and Pipes
By: The Steve
September 16, 2015

Linux uses 3 standard channels of communication: Standard input (channel 0), standard output (channel 1) and standard error (channel 2). Understanding how these channels work can allow you to perform very complex tasks at the command line.  Channel 0 Our standard input channel will generally take input from the keyboard. A lot of times we don't notice this because ...