Cybr Courses Courses Search All Courses13 AlphabeticalNewly Created All CategoriesApplication SecurityBeginnerCertificationsCloud SecurityCybersecurity FundamentalsEthical HackingIntermediateNetworking Security All InstructorsAldenChristopheJuan Free 9 Lessons Beginner’s Guide to sqlmap Christophe Learn to use one of the most popular tools to find SQL injection vulnerabilities: sqlmap. In this course, we start out by creating a simple, free, and quick home lab environment with Virtual Box, Kali Linux, and Docker. I'll walk you through step-by-step how to do that, so don't worry if it sounds intimidating! After that, we download and install the latest version of sqlmap. Then, we look at some of the most important and useful features and options for beginners to get started with. Finally, we launch SQL injection attacks against our lab environment in order to extract information from the vulnerable database. sqlmap can be used to extract information such as database schema, database names, table names, password hashes, and more. It even includes a built-in password cracker which we demonstrate by cracking all of the passwords stored in the users table of the database. This course is meant to be easy to follow so that you can quickly learn how to get started with sqlmap. So whether you are interested in becoming a web pentester, or whether you are interested in learning how to make web applications more secure, this course will help you understand what tools and techniques can be used to automate SQL injection attacks and complement manual exploration. Not Enrolled 392 Lessons CompTIA Security+ SY0-601 Course Christophe Get ready to pass the CompTIA Security+ SY0-601 with our in-depth, comprehensive, and high-quality course (including 4k videos and full transcripts). Whether you are new to IT or you already have experience, my course is designed to help you learn all of the topics you need. The CompTIA Security+ certification is one of the most well-known cybersecurity certifications. It can not only provide you with more job opportunities, but it also provides you with a learning path of important cybersecurity topics you need to understand in order to have a successful career in this space. In fact, certain jobs require that you have at least one IT certification, and the Security+ can often qualify as one of those certifications. By the way, I'm Christophe Limpalair, the founder of Cybr, and the author of this all-in-one Security+ course. I have over 7 years of training experience, and I’ve been in IT for about 20 years. I’ve taught tens of thousands of students in cybersecurity, cloud computing, and web development, and I look forward to helping you get certified. I've personally taken and passed this exam, so I know exactly what you need to learn and how, and I've sprinkled in tips and tricks throughout the course that will help you get ready for the real exam. I specifically designed this course syllabus to match the official CompTIA Exam Objectives so that you can keep track of what you’ve learned and what you still need to learn. This exam has 5 different domains: - Domain 1 is about Attacks, Threats, and Vulnerabilities – which is 24% of the exam- Domain 2 is about Architecture and Design – which is 21% of the exam- Domain 3 is about Implementation – which is 25% of the exam- Domain 4 is about Operations and Incident Response – which is 16% of the exam- Domain 5 is about Governance, Risk, and Compliance – which is 14% of the exam Within these domains, you will learn about malware, web/cloud/network attacks, cryptography, network configurations, authentication, and much, much more. If any of those topics sound overwhelming to you — don’t worry! I walk you through it all lesson by lesson. This course has over 300 video lessons (with full transcripts) which is over 23 hours of high-quality content as well as additional learning materials including a study template you can customize, a full list of Security+ acronyms and their definitions, and over 40 knowledge check quizzes. I’ve even included multiple-choice practice exams at the end of the course to validate your knowledge and understanding, and I provide access to multiple Performance-Based Questions (PBQs) that you can take and that mimic PBQs you can expect to see on the exam. On top of the training you receive, you get access to Cybr’s free Discord community where you can meet others who are actively studying for the Security+ or who have passed it and can provide you with tips and tricks. With an increasing demand for cybersecurity jobs, getting started with this course is a no-brainer. Let’s get started, and let’s take your career to the next level! I’ll see you in the course! Not Enrolled 3 Lessons CompTIA Security+ SY0-601 Practice Exams Christophe Practice for the real CompTIA Security+ SY0-601 certification exam with our realistic practice exams. Our exams closely resemble the real exam to provide you with the type of questions and answers that you can expect to see on the exam itself. In fact, we include both types of CompTIA questions: Performance-based questions and Multiple-choice questions. Performance-based Questions (PBQs): Access multiple PBQs which are designed to test a candidate's ability to solve problems in real-world settings. These are run as simulations for the Security+, so we provide you with interactive testing that closely resembles what you could expect to see on the exam. For example, we provide PBQs that are drag & drop and fill in the blank. Multiple-choice Questions: Access multiple-choice questions that cover a wide range of topics covered by the real exam. These questions and answers have been carefully crafted by Cybr to verify your knowledge of Domains 1 through 5, which include: Attacks, Threats, and Vulnerabilities; Architecture and Design; Implementation; Operations and Incident Response; Governance, Risk, and Compliance. Every single question in our practice exam was created by individuals who are CompTIA Security+ SY0-601 certified, which means that they have experienced the exam first-hand and passed it. We know what you're going to go through, so we want you to be as prepared as possible. We even include detailed explanations of the correct and incorrect answers. That way, you continue to learn as you take our practice exams, and you can identify focus points. The exam itself will never contain more than 90 questions but could have fewer, which is why our practice exams include a minimum of 80 questions up to 90 questions, as a combination of PBQs and Multiple Choice. Not Enrolled 42 Lessons Cross-Site Scripting (XSS): The Practical Guide Christophe Description: In this course, you will develop the skills you need to successfully perform and combat Cross-Site Scripting (XSS) attacks. XSS is one of the top 10 most dangerous and common web application attacks according to both OWASP and CWE. I've spent months creating and collecting the best resources on XSS to put them in this course so that you can learn Cross-Site Scripting in a fun, efficient, and practical manner. In order to truly understand how XSS works and how to defend against it, you have to learn hands-on by executing attacks against vulnerable applications and then looking at secure versions of the same code, and that's exactly what you'll do in this course. We start out by explaining the concepts of XSS and its 3 main types: Reflected, Stored (Persistent), and DOM-based. Then, we take a look at case studies of recent real-world XSS vulnerabilities in Facebook, Gmail, Twitter, Tesla, Airbnb, and TikTok. After that, we spin up a lab environment to perform all 3 types of attacks with both manual and automated approaches. We then set up, configure, and use a powerful browser exploitation framework called BeEF to deliver a payload that hooks unsuspecting browsers. From there, you can launch a number of different attacks using BeEF command modules (ie: scanning internal networks, defacing websites, compromising routers, and more). Next, we apply everything we've learned to pentest the OWASP Juice Shop starting with information gathering, and then exploiting all 3 types of XSS. Finally, we wrap up the course by discussing the most (and least) effective defensive controls, including rules, cheat sheets, and recommended code review techniques to properly defend your applications from this dangerous threat. If you're looking for a hands-on way to learn Cross-Site Scripting, this is your course! Testimonials: "I've got about 3 years in software security with about 23 years in information and DOD security. While I was familiar with XSS I always thought it was a unique and not so dangerous vulnerability. Your course showed me just how damaging XSS could be, and the various ways to assess and mitigate XSS vulnerabilities. I’ll be incorporating your tools and processes in the way I work with teams to evaluate their products." - Matthew H. "This course is great and I would recommend it to anyone trying to learn about web-pentesting or trying to pursue bug bounty as this course gives you a good basis on XSS with a lot of hands-on work." - Bludger  Not Enrolled 34 Lessons DevSecOps Fundamentals Christophe Learn the fundamentals of DevSecOps to understand what it means, why it matters, and how to implement it within your organization. With DevSecOps, one size doesn't fit all, and it's not just a matter of implementing a handful of tools or concepts. It's about understanding what makes sense for your use case and requirements, and what approaches are most relevant. It's also about understanding how to go from zero to the first few steps of implementation, and how to track progress along the way. Regardless of whether you're starting from scratch with a brand new application, or whether you're dealing with a mature product and organization, that's what this course focuses on helping you achieve. Note that this course is text-only. This means we are not planning on adding video lessons. Please view the "About this course" lesson for more details on this! We do plan on adding more graphics over the coming weeks. This is a premium course which means Monthly and Yearly memberships have access. This course is not available for individual purchase. Free 25 Lessons Injection Attacks: The Free Guide Christophe In this course, we explore the biggest risk facing web applications: injections. While we will focus primarily on SQL injections, there are other types of injections such as OS command, LDAP, XPATH, XML, and SMTP header injections, which are all listed in the OWASP Top 10 risks. In order to truly understand how injections work, we have to learn hands-on by executing attacks against vulnerable applications, and that's exactly what we'll do in this course. We start out by setting up safe and legal environments, and then we go on the offense exploring each successful and unsuccessful attack to understand what's going on, and ultimately, how to protect our apps against such vulnerabilities. So if you're looking for hands-on learning, this is your course! Free 26 Lessons Introduction to Application Security (AppSec) Christophe Description: In this course, we provide a thorough yet high-level understanding of Application Security concepts as they relate to web, mobile, and cloud-based applications. It is intended to provide a foundational overview of core concepts so that you can dive deeper into those respective areas of interest. Not Enrolled 52 Lessons Introduction to AWS Security Christophe Learn how to secure your cloud infrastructure with our comprehensive Introduction to AWS Security course. Designed for beginners, this training course provides you with the essential knowledge and skills to protect your AWS environments and resources from all sorts of threats. Led by industry experts with extensive experience in AWS security, this course offers a deep dive into the fundamental concepts and best practices for securing cloud infrastructure in Amazon Web Services. You'll gain a solid understanding of Identity and Access Management (IAM), data access control and encryption (including securing S3), network and infrastructure security, and monitoring & logging. Our interactive learning approach combines comprehensive lessons, interactive diagrams, and hands-on lab 🧪 exercises as well as challenges to help you both grasp security concepts and know how to apply them in real-world scenarios. You'll have the opportunity to reinforce your learning and gain hands-on experience configuring security measures directly in the AWS Management Console. Upon completion, you'll be awarded a certificate of completion. This certificate can be added to LinkedIn and can serve as a valuable asset when showcasing your skills to potential employers or clients. Enroll in our Introduction to AWS Security course today and gain the knowledge and confidence to start protecting your AWS environment effectively! Free 10 Lessons Introduction to OS Command Injections Christophe OS Command Injections are part of the OWASP Top 10 Web Application Security Risks, and as you will see in this course, this threat can result in serious damages if left unchecked. We start out by creating a safe and legal environment for us to perform attacks in. Then, we cover the core concepts of command injections and learn about techniques that can be used to exploit vulnerable targets. After that, we go full-on offensive and perform manual injection attacks as well as automated attacks with a tool called Commix. Once we find vulnerabilities, we generate and plant persistent backdoors that can be exploited to create shells with MSFvenom and Weevely, giving us access to the target server any time we want. After successfully attacking and compromising our targets, we take a step back and discuss defensive controls at the application layer. We also look at actual vulnerable code and show ways of fixing that vulnerable code to prevent injections. Since OS Command injections can be used to exploit most systems running an operating system, such as: web servers, IoT devices, office devices (ie: printers), and more, this is an important threat to understand as an application developer or IT business leader. Not Enrolled 31 Lessons Networking Fundamentals Alden Description: Networking is easily one of the most commonly recommended topics to learn for anyone interested in being in an IT career, and so it's arguably one of the most important skills to build when starting out. Regardless of what job you end up choosing, having at least a foundational understanding of how data travels all around us is very beneficial. So in this course, we're going to learn just that starting with how data travels using physical connections. But physical connections alone aren't enough to make the internet work. We also need to answer questions like: how does data know exactly where to go? Say I'm sending an email to someone - how does that email know to go to that other person's inbox, and no one else's? Or even reading this right now. How did you receive this text and the images on this page that are stored in a different part of the world than where you're located? How does all of it transfer in seconds or even milliseconds? These are fascinating questions that can be answered once we understand how the physical and virtual backbone of the Internet works. Once we understand how human-readable information gets transformed into a format that machines can process, and then back into a human-readable format again. Once we understand how models and standards were created to dictate a set of rules for how devices should communicate. Once we look at all of that, and more, then we start to see how everything is interconnected and how the Internet is able to function the way it does. Join us as we unpack the mysteries of networking and learn Networking Fundamentals that you'll be able to carry with you throughout your entire IT career! Not Enrolled 39 Lessons Pentesting AWS Environments with Pacu, CloudGoat, and ChatGPT Christophe Learn hands-on how to exploit AWS cloud misconfigurations and build practical skills with step-by-step walkthroughs, labs, and CTFs. This courses uses and teaches 4 primary tools: CloudGoat Pacu ChatGPT AWS CLI CloudGoat enables you to deploy vulnerable-by-design AWS scenarios in your own environments, although we will be providing a couple of those scenarios as 1-click deploy 🧪 Cybr Hands-On Labs if you would rather not use your own environments. Not all of the scenarios will be available with our labs due to how vulnerable they are. In addition to using the AWS command line interface (CLI), we’ll be using a cloud penetration testing tool called Pacu. We will also be using ChatGPT by having it craft payloads, troubleshoot for us, and overall help us speed up and be more effective. This course is primarily for individuals who want to perform security assessments of AWS environments and resources, or who want to learn what to do once they’ve gained access to a set of limited AWS credentials. There are a couple of scenarios that show how to gain initial access to credentials through misconfigurations, but this course is mostly focused on helping you find privilege escalation paths. Not Enrolled 61 Lessons The Practical Guide to sqlmap for SQL Injection Christophe Description: Learn how to use sqlmap in-depth for professional engagements like pentests or bug bounties. sqlmap is the most powerful and widely used SQL injection tool, and for good reason. It packs an impressive array of features and options specifically crafted to fingerprint, enumerate, and takeover databases as well as underlying systems. In this course, we take a look at all of that. We start by looking at the sqlmap project, including how the source code repository is structured, where to find important files such as configuration and payload files, and how to set up a home lab environment to safely and legally practice what we're learning. Then, we explore every single option that sqlmap offers with examples and explanations of how and when to use the option(s). We learn tips & tricks to see what sqlmap is doing under the hood and to troubleshoot when we come across issues. Once we've covered sqlmap's options and features, we tie it all together by running through scenarios. This is when we get to see how those options can be used together or on their own to achieve our pentest or bug bounty objectives. The course also includes sections dedicated to specific topics such as bypassing WAFs and evading security controls, and how to run sqlmap as an API. Free 9 Lessons Beginner’s Guide to sqlmap Christophe Learn to use one of the most popular tools to find SQL injection vulnerabilities: sqlmap. In this course, we start out by creating a simple, free, and quick home lab environment with Virtual Box, Kali Linux, and Docker. I'll walk you through step-by-step how to do that, so don't worry if it sounds intimidating! After that, we download and install the latest version of sqlmap. Then, we look at some of the most important and useful features and options for beginners to get started with. Finally, we launch SQL injection attacks against our lab environment in order to extract information from the vulnerable database. sqlmap can be used to extract information such as database schema, database names, table names, password hashes, and more. It even includes a built-in password cracker which we demonstrate by cracking all of the passwords stored in the users table of the database. This course is meant to be easy to follow so that you can quickly learn how to get started with sqlmap. So whether you are interested in becoming a web pentester, or whether you are interested in learning how to make web applications more secure, this course will help you understand what tools and techniques can be used to automate SQL injection attacks and complement manual exploration. Not Enrolled 392 Lessons CompTIA Security+ SY0-601 Course Christophe Get ready to pass the CompTIA Security+ SY0-601 with our in-depth, comprehensive, and high-quality course (including 4k videos and full transcripts). Whether you are new to IT or you already have experience, my course is designed to help you learn all of the topics you need. The CompTIA Security+ certification is one of the most well-known cybersecurity certifications. It can not only provide you with more job opportunities, but it also provides you with a learning path of important cybersecurity topics you need to understand in order to have a successful career in this space. In fact, certain jobs require that you have at least one IT certification, and the Security+ can often qualify as one of those certifications. By the way, I'm Christophe Limpalair, the founder of Cybr, and the author of this all-in-one Security+ course. I have over 7 years of training experience, and I’ve been in IT for about 20 years. I’ve taught tens of thousands of students in cybersecurity, cloud computing, and web development, and I look forward to helping you get certified. I've personally taken and passed this exam, so I know exactly what you need to learn and how, and I've sprinkled in tips and tricks throughout the course that will help you get ready for the real exam. I specifically designed this course syllabus to match the official CompTIA Exam Objectives so that you can keep track of what you’ve learned and what you still need to learn. This exam has 5 different domains: - Domain 1 is about Attacks, Threats, and Vulnerabilities – which is 24% of the exam- Domain 2 is about Architecture and Design – which is 21% of the exam- Domain 3 is about Implementation – which is 25% of the exam- Domain 4 is about Operations and Incident Response – which is 16% of the exam- Domain 5 is about Governance, Risk, and Compliance – which is 14% of the exam Within these domains, you will learn about malware, web/cloud/network attacks, cryptography, network configurations, authentication, and much, much more. If any of those topics sound overwhelming to you — don’t worry! I walk you through it all lesson by lesson. This course has over 300 video lessons (with full transcripts) which is over 23 hours of high-quality content as well as additional learning materials including a study template you can customize, a full list of Security+ acronyms and their definitions, and over 40 knowledge check quizzes. I’ve even included multiple-choice practice exams at the end of the course to validate your knowledge and understanding, and I provide access to multiple Performance-Based Questions (PBQs) that you can take and that mimic PBQs you can expect to see on the exam. On top of the training you receive, you get access to Cybr’s free Discord community where you can meet others who are actively studying for the Security+ or who have passed it and can provide you with tips and tricks. With an increasing demand for cybersecurity jobs, getting started with this course is a no-brainer. Let’s get started, and let’s take your career to the next level! I’ll see you in the course! Not Enrolled 3 Lessons CompTIA Security+ SY0-601 Practice Exams Christophe Practice for the real CompTIA Security+ SY0-601 certification exam with our realistic practice exams. Our exams closely resemble the real exam to provide you with the type of questions and answers that you can expect to see on the exam itself. In fact, we include both types of CompTIA questions: Performance-based questions and Multiple-choice questions. Performance-based Questions (PBQs): Access multiple PBQs which are designed to test a candidate's ability to solve problems in real-world settings. These are run as simulations for the Security+, so we provide you with interactive testing that closely resembles what you could expect to see on the exam. For example, we provide PBQs that are drag & drop and fill in the blank. Multiple-choice Questions: Access multiple-choice questions that cover a wide range of topics covered by the real exam. These questions and answers have been carefully crafted by Cybr to verify your knowledge of Domains 1 through 5, which include: Attacks, Threats, and Vulnerabilities; Architecture and Design; Implementation; Operations and Incident Response; Governance, Risk, and Compliance. Every single question in our practice exam was created by individuals who are CompTIA Security+ SY0-601 certified, which means that they have experienced the exam first-hand and passed it. We know what you're going to go through, so we want you to be as prepared as possible. We even include detailed explanations of the correct and incorrect answers. That way, you continue to learn as you take our practice exams, and you can identify focus points. The exam itself will never contain more than 90 questions but could have fewer, which is why our practice exams include a minimum of 80 questions up to 90 questions, as a combination of PBQs and Multiple Choice. Not Enrolled 42 Lessons Cross-Site Scripting (XSS): The Practical Guide Christophe Description: In this course, you will develop the skills you need to successfully perform and combat Cross-Site Scripting (XSS) attacks. XSS is one of the top 10 most dangerous and common web application attacks according to both OWASP and CWE. I've spent months creating and collecting the best resources on XSS to put them in this course so that you can learn Cross-Site Scripting in a fun, efficient, and practical manner. In order to truly understand how XSS works and how to defend against it, you have to learn hands-on by executing attacks against vulnerable applications and then looking at secure versions of the same code, and that's exactly what you'll do in this course. We start out by explaining the concepts of XSS and its 3 main types: Reflected, Stored (Persistent), and DOM-based. Then, we take a look at case studies of recent real-world XSS vulnerabilities in Facebook, Gmail, Twitter, Tesla, Airbnb, and TikTok. After that, we spin up a lab environment to perform all 3 types of attacks with both manual and automated approaches. We then set up, configure, and use a powerful browser exploitation framework called BeEF to deliver a payload that hooks unsuspecting browsers. From there, you can launch a number of different attacks using BeEF command modules (ie: scanning internal networks, defacing websites, compromising routers, and more). Next, we apply everything we've learned to pentest the OWASP Juice Shop starting with information gathering, and then exploiting all 3 types of XSS. Finally, we wrap up the course by discussing the most (and least) effective defensive controls, including rules, cheat sheets, and recommended code review techniques to properly defend your applications from this dangerous threat. If you're looking for a hands-on way to learn Cross-Site Scripting, this is your course! Testimonials: "I've got about 3 years in software security with about 23 years in information and DOD security. While I was familiar with XSS I always thought it was a unique and not so dangerous vulnerability. Your course showed me just how damaging XSS could be, and the various ways to assess and mitigate XSS vulnerabilities. I’ll be incorporating your tools and processes in the way I work with teams to evaluate their products." - Matthew H. "This course is great and I would recommend it to anyone trying to learn about web-pentesting or trying to pursue bug bounty as this course gives you a good basis on XSS with a lot of hands-on work." - Bludger  Not Enrolled 34 Lessons DevSecOps Fundamentals Christophe Learn the fundamentals of DevSecOps to understand what it means, why it matters, and how to implement it within your organization. With DevSecOps, one size doesn't fit all, and it's not just a matter of implementing a handful of tools or concepts. It's about understanding what makes sense for your use case and requirements, and what approaches are most relevant. It's also about understanding how to go from zero to the first few steps of implementation, and how to track progress along the way. Regardless of whether you're starting from scratch with a brand new application, or whether you're dealing with a mature product and organization, that's what this course focuses on helping you achieve. Note that this course is text-only. This means we are not planning on adding video lessons. Please view the "About this course" lesson for more details on this! We do plan on adding more graphics over the coming weeks. This is a premium course which means Monthly and Yearly memberships have access. This course is not available for individual purchase. Free 25 Lessons Injection Attacks: The Free Guide Christophe In this course, we explore the biggest risk facing web applications: injections. While we will focus primarily on SQL injections, there are other types of injections such as OS command, LDAP, XPATH, XML, and SMTP header injections, which are all listed in the OWASP Top 10 risks. In order to truly understand how injections work, we have to learn hands-on by executing attacks against vulnerable applications, and that's exactly what we'll do in this course. We start out by setting up safe and legal environments, and then we go on the offense exploring each successful and unsuccessful attack to understand what's going on, and ultimately, how to protect our apps against such vulnerabilities. So if you're looking for hands-on learning, this is your course! Free 26 Lessons Introduction to Application Security (AppSec) Christophe Description: In this course, we provide a thorough yet high-level understanding of Application Security concepts as they relate to web, mobile, and cloud-based applications. It is intended to provide a foundational overview of core concepts so that you can dive deeper into those respective areas of interest. Not Enrolled 52 Lessons Introduction to AWS Security Christophe Learn how to secure your cloud infrastructure with our comprehensive Introduction to AWS Security course. Designed for beginners, this training course provides you with the essential knowledge and skills to protect your AWS environments and resources from all sorts of threats. Led by industry experts with extensive experience in AWS security, this course offers a deep dive into the fundamental concepts and best practices for securing cloud infrastructure in Amazon Web Services. You'll gain a solid understanding of Identity and Access Management (IAM), data access control and encryption (including securing S3), network and infrastructure security, and monitoring & logging. Our interactive learning approach combines comprehensive lessons, interactive diagrams, and hands-on lab 🧪 exercises as well as challenges to help you both grasp security concepts and know how to apply them in real-world scenarios. You'll have the opportunity to reinforce your learning and gain hands-on experience configuring security measures directly in the AWS Management Console. Upon completion, you'll be awarded a certificate of completion. This certificate can be added to LinkedIn and can serve as a valuable asset when showcasing your skills to potential employers or clients. Enroll in our Introduction to AWS Security course today and gain the knowledge and confidence to start protecting your AWS environment effectively! Free 10 Lessons Introduction to OS Command Injections Christophe OS Command Injections are part of the OWASP Top 10 Web Application Security Risks, and as you will see in this course, this threat can result in serious damages if left unchecked. We start out by creating a safe and legal environment for us to perform attacks in. Then, we cover the core concepts of command injections and learn about techniques that can be used to exploit vulnerable targets. After that, we go full-on offensive and perform manual injection attacks as well as automated attacks with a tool called Commix. Once we find vulnerabilities, we generate and plant persistent backdoors that can be exploited to create shells with MSFvenom and Weevely, giving us access to the target server any time we want. After successfully attacking and compromising our targets, we take a step back and discuss defensive controls at the application layer. We also look at actual vulnerable code and show ways of fixing that vulnerable code to prevent injections. Since OS Command injections can be used to exploit most systems running an operating system, such as: web servers, IoT devices, office devices (ie: printers), and more, this is an important threat to understand as an application developer or IT business leader. Not Enrolled 31 Lessons Networking Fundamentals Alden Description: Networking is easily one of the most commonly recommended topics to learn for anyone interested in being in an IT career, and so it's arguably one of the most important skills to build when starting out. Regardless of what job you end up choosing, having at least a foundational understanding of how data travels all around us is very beneficial. So in this course, we're going to learn just that starting with how data travels using physical connections. But physical connections alone aren't enough to make the internet work. We also need to answer questions like: how does data know exactly where to go? Say I'm sending an email to someone - how does that email know to go to that other person's inbox, and no one else's? Or even reading this right now. How did you receive this text and the images on this page that are stored in a different part of the world than where you're located? How does all of it transfer in seconds or even milliseconds? These are fascinating questions that can be answered once we understand how the physical and virtual backbone of the Internet works. Once we understand how human-readable information gets transformed into a format that machines can process, and then back into a human-readable format again. Once we understand how models and standards were created to dictate a set of rules for how devices should communicate. Once we look at all of that, and more, then we start to see how everything is interconnected and how the Internet is able to function the way it does. Join us as we unpack the mysteries of networking and learn Networking Fundamentals that you'll be able to carry with you throughout your entire IT career! Not Enrolled 39 Lessons Pentesting AWS Environments with Pacu, CloudGoat, and ChatGPT Christophe Learn hands-on how to exploit AWS cloud misconfigurations and build practical skills with step-by-step walkthroughs, labs, and CTFs. This courses uses and teaches 4 primary tools: CloudGoat Pacu ChatGPT AWS CLI CloudGoat enables you to deploy vulnerable-by-design AWS scenarios in your own environments, although we will be providing a couple of those scenarios as 1-click deploy 🧪 Cybr Hands-On Labs if you would rather not use your own environments. Not all of the scenarios will be available with our labs due to how vulnerable they are. In addition to using the AWS command line interface (CLI), we’ll be using a cloud penetration testing tool called Pacu. We will also be using ChatGPT by having it craft payloads, troubleshoot for us, and overall help us speed up and be more effective. This course is primarily for individuals who want to perform security assessments of AWS environments and resources, or who want to learn what to do once they’ve gained access to a set of limited AWS credentials. There are a couple of scenarios that show how to gain initial access to credentials through misconfigurations, but this course is mostly focused on helping you find privilege escalation paths. Not Enrolled 61 Lessons The Practical Guide to sqlmap for SQL Injection Christophe Description: Learn how to use sqlmap in-depth for professional engagements like pentests or bug bounties. sqlmap is the most powerful and widely used SQL injection tool, and for good reason. It packs an impressive array of features and options specifically crafted to fingerprint, enumerate, and takeover databases as well as underlying systems. In this course, we take a look at all of that. We start by looking at the sqlmap project, including how the source code repository is structured, where to find important files such as configuration and payload files, and how to set up a home lab environment to safely and legally practice what we're learning. Then, we explore every single option that sqlmap offers with examples and explanations of how and when to use the option(s). We learn tips & tricks to see what sqlmap is doing under the hood and to troubleshoot when we come across issues. Once we've covered sqlmap's options and features, we tie it all together by running through scenarios. This is when we get to see how those options can be used together or on their own to achieve our pentest or bug bounty objectives. The course also includes sections dedicated to specific topics such as bypassing WAFs and evading security controls, and how to run sqlmap as an API. Page 1 Page 2 Next » Get notified when we publish new courses