0P3N Blog

Cybrary’s Open Blog is a user contributed cybersecurity knowledge base that brings together content highlighting the latest tools, exploits, technologies and insights in the industry.

Artificial Intelligence In Cybersecurity Operations
By: Muhammad Tariq Ahmed Khan
November 13, 2020

Since the attack surface is rapidly expanding and continues to evolve at an unprecedented pace, cyber-attacks are becoming more sophisticated and are increasing at lightning speed. There are innumerable varying cyber threats that need to be detected, prevented, and analyzed to calculate their danger or risk accurately. Simultaneously, one of the biggest challenges is that cyber-criminals within various state-sponsored attackers, ...

Penetration Testing Lesson: LIBSSH Auth Bypass aka CVE-2018-10933
By:
November 13, 2020

LIBSSH Auth Bypass CVE-2018-10933 Lab Files: https://cydeferepo.s3.ca-central-1.amazonaws.com/libSSH.rar What is it?: LibSSH versions 0.6 and above have an authentication bypass vulnerability which an attacker could use to create channels without first performing authentication, resulting in unauthorized access. If the server is presented with an SSH2MSGUSERAUTHSUCCESS message instead of the expected SSH2MSGUSERAUTHREQUEST message, which would initiate the authentication, the attacker could successfully authenticate without ...

Denial-of-service (DoS) Attack Tools
By: Nihad Hassan
November 10, 2020

Denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks are types of cyber attacks that attempt to make an online service, server, or network unavailable by overwhelming it with a flood of internet traffic. As its name implies, Network-based DoS uses one device to send a flood of internet traffic, while DDoS uses more than one device to send this traffic to the ...

The Top Azure Certifications
By: Shelby Welty
November 9, 2020

The Sky's the Limit: The Top Azure Certifications While Amazon was first to market, Microsoft has been steadily closing the cloud computing gap. As noted by ZDNet, Azure is now solidly in second place behind AWS offerings and is considered the "enterprise favorite" thanks to the broad adoption of Windows OS, productivity, and server products across business technology ecosystems. As a ...

Rethinking perimeter security in the age of distributed, virtualized computing environments
By: Dr. Edward Amoroso
November 9, 2020

This article was written to accompany the Designing Enterprise for Multi-Cloud course, on Cybrary. Enterprise computing has come a long way from the localized packet-switched networks of old. Today’s environment consists of a complex array of autonomous systems all over the world working together to get data where it needs to be. But as technology evolves, so too does the threat ...

The Importance of Cybersecurity in IoT
By: Gabriel Schram
November 6, 2020

The all-encompassing internet of things (IoT) is expanding at a rate that correlates with the influx of newer technologies at our disposal. Interconnectivity between devices is at an all-time high with no peak in sight. Moreover, IoT devices are taking on increasingly vital roles in fields and industries across the spectrum. The prospect of worldwide connectivity in a diversity of ...

Five Reasons To Turn On Multi-Factor Authentication
By: Nihad Hassan
November 6, 2020

Digital authentication is the process of identifying the identity of a user or a device against a computer system (e.g., a network, device, or application) to gain access to protected resources (data and sensitive applications). Digital authentication mechanisms are considered the backbone of information security in today’s digital age. In IT systems, a username and password remain the most used factor ...

The Rise Of The Virtual Conference. Reflections On Black Hat Asia
By: Daryl Sheppard
November 5, 2020

Without a doubt, this year has been a different one; and one that I doubt anyone would have anticipated come January 1. While unquestionably COVID has been terrible for the world, it has created a virtual conference. Rather than canceling major events that would have gathered thousands of people together in an unsustainable and unsafe environment, many events successfully pivoted ...

Threat Hunting Tools
By: Nihad Hassan
November 5, 2020

The active process of detecting abnormal activity within a computer network or system (e.g., server, workstation, mobile device, or IoT device) is called Cyber Threat Hunting. Discovered activities can be a sign of an ongoing attack (e.g., encrypting ransomware), exfiltration of data, command and control activity, or other malicious activity. Threat hunting is an active defense that works by proactively ...

Course Spotlight: Student Data Privacy Governance
By: Arun Vembanatt
November 4, 2020

Student Data Privacy Governance is one of the most discussed topics off-late. As you may be aware, the world has gone online due to the COVID pandemic, which has affected the entire planet. Especially for students, be it primary schooling or kindergarten, everything has become online, exposing their privacy. I should say that the Author Ivy Nelson has done a fantastic job selecting ...