0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Why Hundreds of Thousands of People are Learning Hacking, for Free
By: ryan c
September 3, 2015

Perhaps it is somewhat shocking that hundreds of thousands of people are learning hacking, for free on Cybrary. However, there are several very good reasons for this free cyber security learning revolution.A fundamental change in the way cyber security is taught and learned, is upon us. Together, the Cybrary team, and each of our Members, are making this change happen, ...

Password Complexity....Are We Fooling Ourselves?
By: sl0m0
September 2, 2015

Many of the beliefs we have around what constitutes a “good” password are created by what default policies in software such as Microsoft teach us.We are led to believe that a minimum length of 8 characters, a good mixture of UPPER and lower-case, numbers and uncommon (i.e. $@#&!) characters automatically make a good password.Many Systems Administrators ...

By: Odysseas
September 2, 2015

Introduction from the Programmer - This program is a simple program for the employees payment from the logistics section.We suppose that the currency is  in Euro and we dont focus on how the national tax system ison 40 Euro or in 100 Euro.Its a typical example to understand how programming is getting done with a languagelike Pascal. ...

Using the Metasploit database (advanced)
By: Johan Grotherus
September 1, 2015

In my first tutorial I demonstrated the basic usage of the Metasploit database. This included how to use nmap from within the Metasploit console, importing nmap scans and also how to display information in it.Now we will look a bit deeper in what possibilities the Metasploit database can provide, and also see how it looks when importing database from other ...

A Close Look at UDP Ping
By: Falko
September 1, 2015

The Internet is complex system composed of many different protocols and implementations. Sometimes, it's very buggy. It contains many poorly documented devices and operators that are implementing policies that aren't well measurable. Often, measured data isn't perfect, partial, not friendly, etc. Further, understanding such data is difficult and requires some skills and practice. Generally, any task related to data ...

Cracking a WPA2 WiFi Password with Aircrack-ng
By: upendra
September 1, 2015

Hola amigos... Aim: To crack a WPA2-psk encrypted WiFi password using Aircrack-ng.Requirements: If  you're using a Kali Linux in VMware or other virtual machines, then you need to get a compatible USB WiFi receiver (I'm using an Atheros AR9271 wireless network adapter), because WiFi connections don't show up in virtual machines. Instead, they show those connections ...

Tutorial: Basic Buffer Overflow
By: CryptoCodez
September 1, 2015

// Hey guys, today, I will give you a brief introduction to buffer overflows on Linux x8664 machines.// So, let's start with a basic example in C:_______// First some standard includes, you should now them...#include#include#include// we create a vulnerable functionint vulnFunction(int a, int b){// it creates a buffer with a size of 128 bytes! Yes, 128 not 125; it ...

Tutorial: How to Use SQLMAP
By: Kevin Mark
September 1, 2015

 Hello and welcome to another tutorial,You may have read my other contributions on Cybrary. If not, you should check them out: How to Manually Use SQL Injection with the UNION SELECT Method [Guide] How to Find Web-Based Vulnerabilities (Manually and with Tools)  As you might already know, SQL Injection is ...

Brakeing Down Security Podcast - Episode 2015-037
By: BrBr
August 31, 2015

https://brakeingsecurity.com/2015-037-making-patch-management-work Once you find a vulnerability, how do you handle patching it? Especially when devs have their own work to do, there are only so many man hours in a sprint or development cycle, and the patching process could take up a good majority of that if the vuln is particularly nasty.One method is to triage your patches, and ...

Using the Metasploit Database
By: Johan Grotherus
August 28, 2015

The Metasploit database is a good way of keeping track of the things you get your hands on during a penetration test. The database can hold things like hosts, services, usernames and passwords. One particular useful feature of the Metasploit database is the integration it has with Nmap. You can utilize Nmap scans from within Metasploit and ...