Cybr Courses

[The course is 99% complete - all video lessons are uploaded. More section quizzes are being added] Get ready to pass the CompTIA Security+ SY0-601 with our in-depth, comprehensive, and high-quality course (including 4k video).

Video-only courses are holding you back. Content goes in one ear and out the other. Average videos are also spoken at 150 words per minute, while you're able to read at 250. That's why our courses combine videos with full transcripts. Not only is it a more effective way of learning, but it will help prevent spending hours watching videos to only end up forgetting everything. Retain what you learn with our combined approach and practical studying tips.

The course will cover all 5 domains that you are expected to know in order to pass the exam. This includes:

1. Attacks, Threats, and Vulnerabilities (24%)
2. Architecture and Design (21%)
3. Implementation (25%)
4. Operations and Incident Response (16%)
5. Governance, Risk, and Compliance (14%)

We also include our practice exams when you purchase the course, as well as integrated knowledge checks throughout the course. *Early Preview means that the course is currently in active development and is roughly 99% complete. All video lessons have been uploaded, and more section quizzes are now being added. You can enroll now and you will receive all updates. Have more questions about the exam? Check out our Security+ FAQ.

Practice for the real CompTIA Security+ SY0-601 certification exam with our realistic practice exams. Our exams closely resemble the real exam to provide you with the type of questions and answers that you can expect to see on the exam itself. In fact, we include both types of CompTIA questions: Performance-based questions and Multiple-choice questions.

Performance-based Questions (PBQs): Access multiple PBQs which are designed to test a candidate's ability to solve problems in real-world settings. These are run as simulations for the Security+, so we provide you with interactive testing that closely resembles what you could expect to see on the exam. For example, we provide PBQs that are drag & drop and fill in the blank.

Multiple-choice Questions: Access multiple-choice questions that cover a wide range of topics covered by the real exam. These questions and answers have been carefully crafted by Cybr to verify your knowledge of Domains 1 through 5, which include: Attacks, Threats, and Vulnerabilities; Architecture and Design; Implementation; Operations and Incident Response; Governance, Risk, and Compliance.

Every single question in our practice exam was created by individuals who are CompTIA Security+ SY0-601 certified, which means that they have experienced the exam first-hand and passed it. We know what you're going to go through, so we want you to be as prepared as possible. We even include detailed explanations of the correct and incorrect answers. That way, you continue to learn as you take our practice exams, and you can identify focus points. The exam itself will never contain more than 90 questions but could have fewer, which is why our practice exams include a minimum of 80 questions up to 90 questions, as a combination of PBQs and Multiple Choice.

Description: In this course, you will develop the skills you need to successfully perform and combat Cross-Site Scripting (XSS) attacks. XSS is one of the top 10 most dangerous and common web application attacks according to both OWASP and CWE. I've spent months creating and collecting the best resources on XSS to put them in this course so that you can learn Cross-Site Scripting in a fun, efficient, and practical manner.

In order to truly understand how XSS works and how to defend against it, you have to learn hands-on by executing attacks against vulnerable applications and then looking at secure versions of the same code, and that's exactly what you'll do in this course. We start out by explaining the concepts of XSS and its 3 main types: Reflected, Stored (Persistent), and DOM-based. Then, we take a look at case studies of recent real-world XSS vulnerabilities in Facebook, Gmail, Twitter, Tesla, Airbnb, and TikTok. After that, we spin up a lab environment to perform all 3 types of attacks with both manual and automated approaches. We then set up, configure, and use a powerful browser exploitation framework called BeEF to deliver a payload that hooks unsuspecting browsers. From there, you can launch a number of different attacks using BeEF command modules (ie: scanning internal networks, defacing websites, compromising routers, and more). Next, we apply everything we've learned to pentest the OWASP Juice Shop starting with information gathering, and then exploiting all 3 types of XSS. Finally, we wrap up the course by discussing the most (and least) effective defensive controls, including rules, cheat sheets, and recommended code review techniques to properly defend your applications from this dangerous threat.

If you're looking for a hands-on way to learn Cross-Site Scripting, this is your course!

Testimonials:

This course is now available in Early Preview! Access it while it's being actively developed, and paid members receive all updates until it's 100% complete!

What makes this course different

Production quality: We've been developing cloud and security training material for over 7 years and have taught hundreds of thousands of IT professionals all the way from individuals to Fortune 500 companies. Our production quality is top-notch and not only reflects expert experience but focuses on building practical skills with interactive diagrams, realistic lab scenarios, and other interactive elements.

Interactive Diagrams: Concepts can be really boring to learn, especially when it's just someone reading slides. That's not what you get from this course. We've developed interactive diagrams that you can interact with as you're learning. That way, as we're discussing concepts or as we're deploying resources in the AWS cloud, you can visualize exactly what's going on side-by-side.

Scenario-based: From the very beginning of the course, we set up a realistic and sample AWS multi-tier architecture, which we then evaluate from a security perspective to understand potential attack vectors. The rest of the course centers around this architecture and those security concerns so that we can learn how to properly defend our AWS resources, just as we would on the job as cloud security professionals.

Lab-based: Every practical step we take in the course can be completed in your very own AWS account, and we will be adding actual lab scenarios for you to complete. Most if not all of them can be done for free using the AWS free tier. We will notify you beforehand if there are any resources that will cost money so you can decide whether you want to complete those labs/steps or not.

About the authors

This course was created, developed, and published in collaboration between Konstantinos Papapanagiotou and Christophe Limpalair.

Kostas is a Cyber Security Consultant with over 19 years of security and IT consulting and research experience. He’s also been a volunteer for the OWASP nonprofit organization for over 17 years and is an OWASP Chapter Leader in Greece.

Christophe is the founder and an author at Cybr, where he's published many courses on topics of ethical hacking. You may also know him from Linux Academy / ACloudGuru, where he taught multiple AWS courses including associate and professional-level AWS certification courses, and helped tens of thousands of learners get certified. He also helped pioneer, develop, maintain, and secure Linux Academy's cloud Hands-On Labs and Assessments technology which ran as a $1m budget on AWS.

Between Kostas and Christophe, the authors have years of experience working in AWS and building as well as securing production environments. They share that experience in this course to help you get started learning how to secure AWS resources and environments.

Description: Networking is easily one of the most commonly recommended topics to learn for anyone interested in being in an IT career, and so it's arguably one of the most important skills to build when starting out. Regardless of what job you end up choosing, having at least a foundational understanding of how data travels all around us is very beneficial. So in this course, we're going to learn just that starting with how data travels using physical connections. But physical connections alone aren't enough to make the internet work. We also need to answer questions like: how does data know exactly where to go? Say I'm sending an email to someone - how does that email know to go to that other person's inbox, and no one else's? Or even reading this right now. How did you receive this text and the images on this page that are stored in a different part of the world than where you're located? How does all of it transfer in seconds or even milliseconds? These are fascinating questions that can be answered once we understand how the physical and virtual backbone of the Internet works. Once we understand how human-readable information gets transformed into a format that machines can process, and then back into a human-readable format again. Once we understand how models and standards were created to dictate a set of rules for how devices should communicate. Once we look at all of that, and more, then we start to see how everything is interconnected and how the Internet is able to function the way it does. Join us as we unpack the mysteries of networking and learn Networking Fundamentals that you'll be able to carry with you throughout your entire IT career!

Description: Learn how to use sqlmap in-depth for professional engagements like pentests or bug bounties. sqlmap is the most powerful and widely used SQL injection tool, and for good reason. It packs an impressive array of features and options specifically crafted to fingerprint, enumerate, and takeover databases as well as underlying systems. In this course, we take a look at all of that. We start by looking at the sqlmap project, including how the source code repository is structured, where to find important files such as configuration and payload files, and how to set up a home lab environment to safely and legally practice what we're learning. Then, we explore every single option that sqlmap offers with examples and explanations of how and when to use the option(s). We learn tips & tricks to see what sqlmap is doing under the hood and to troubleshoot when we come across issues. Once we've covered sqlmap's options and features, we tie it all together by running through scenarios. This is when we get to see how those options can be used together or on their own to achieve our pentest or bug bounty objectives. The course also includes sections dedicated to specific topics such as bypassing WAFs and evading security controls, and how to run sqlmap as an API.