Cybr Courses
Free 55 Lessons AWS Certified Security Specialty (SCS-C02) Course Christophe Let's get AWS Security Specialty Certified! Videos will be accessible to all for free, and Hands-On Labs, Quizzes, and Practice Exams will be available to Cybr Premium Members. This course is in active development and new content is added weekly. Since this is a large course, it will take a while to finish and we do not currently have an end date. Join us for free live study groups Free 0 Lessons AWS Certified Security Specialty (SCS-C02) Practice Exams Christophe Let's get AWS Security Specialty Certified! Apart from the sample version, Practice Exams will be available to Cybr Premium Members. These practice exams are in active development and new content is added regularly. We do not currently have an end date. Join us for free live study groups where we walk through sample practice exam questions and scenarios! Free 36 Lessons AWS IAM Privilege Escalation Labs Christophe Learn first-hand how attackers exploit IAM misconfigurations in AWS with tactics pulled from real case studies. This course is entirely made up of 🧪 Hands-On Labs with different scenarios that will teach you how to exploit some of the most dangerous IAM privilege escalation weaknesses. The final section is made up of Challenges that will test your new skills and knowledge by providing vulnerable environments for you to capture the flag with limited information and hints. Good luck and have fun! Free 19 Lessons Beginner’s Guide to AWS CloudTrail for Security Christophe Get started with AWS CloudTrail: one of the most important security services that AWS offers. 
While the CloudTrail service is enabled by default when you create an AWS account, it's enabled with limited functionality that can leave you blind and can hinder your ability to investigate security incidents. For example, there's a very big difference between Management Events, Data Events, and Insights Events, and only one of those is enabled by default. This course will teach you those differences and the 3 main ways that CloudTrail records data so that you can make an informed decision about what you or your organization needs. After covering important concepts, we'll jump in hands-on and learn how to use CloudTrail's Event History, how to create your first trail, how to enable notifications with CloudWatch and SNS, how to use CloudTrail Insights, and how to work with CloudTrail Lake. Finally, you will learn how to secure your CloudTrail trails and log files with best practices using IAM, log file integrity, encryption, and the Security Hub Controls checklist. Whenever someone wants to get started with AWS security, coupled with our Introduction to AWS Security course, we highly recommend starting with this course and understanding CloudTrail. This service gives you visibility into your AWS environments, and without visibility, you do not have security. Free 9 Lessons Beginner’s Guide to sqlmap Christophe Learn to use one of the most popular tools to find SQL injection vulnerabilities: sqlmap. In this course, we start out by creating a simple, free, and quick home lab environment with Virtual Box, Kali Linux, and Docker. I'll walk you through step-by-step how to do that, so don't worry if it sounds intimidating! After that, we download and install the latest version of sqlmap. Then, we look at some of the most important and useful features and options for beginners to get started with. Finally, we launch SQL injection attacks against our lab environment in order to extract information from the vulnerable database. 
sqlmap can be used to extract information such as database schema, database names, table names, password hashes, and more. It even includes a built-in password cracker which we demonstrate by cracking all of the passwords stored in the users table of the database. This course is meant to be easy to follow so that you can quickly learn how to get started with sqlmap. So whether you are interested in becoming a web pentester, or whether you are interested in learning how to make web applications more secure, this course will help you understand what tools and techniques can be used to automate SQL injection attacks and complement manual exploration. Not Enrolled 392 Lessons CompTIA Security+ SY0-601 Course Christophe Get ready to pass the CompTIA Security+ SY0-601 with our in-depth, comprehensive, and high-quality course (including 4k videos and full transcripts). Whether you are new to IT or you already have experience, my course is designed to help you learn all of the topics you need. The CompTIA Security+ certification is one of the most well-known cybersecurity certifications. It can not only provide you with more job opportunities, but it also provides you with a learning path of important cybersecurity topics you need to understand in order to have a successful career in this space. In fact, certain jobs require that you have at least one IT certification, and the Security+ can often qualify as one of those certifications. By the way, I'm Christophe Limpalair, the founder of Cybr, and the author of this all-in-one Security+ course. I have over 7 years of training experience, and I’ve been in IT for about 20 years. I’ve taught tens of thousands of students in cybersecurity, cloud computing, and web development, and I look forward to helping you get certified. I've personally taken and passed this exam, so I know exactly what you need to learn and how, and I've sprinkled in tips and tricks throughout the course that will help you get ready for the real exam. 
I specifically designed this course syllabus to match the official CompTIA Exam Objectives so that you can keep track of what you’ve learned and what you still need to learn. Scroll down for a breakdown of what this course covers. On top of the training you receive, you get access to Cybr’s free Discord community where you can meet others who are actively studying for the Security+ or who have passed it and can provide you with tips and tricks. With an increasing demand for cybersecurity jobs, getting started with this course is a no-brainer. Let’s get started, and let’s take your career to the next level! I’ll see you in the course! NOTE: We do not currently plan on refreshing this course for the 701. There is a significant amount of overlap in the course material (over 93% by our estimation), so this course will still largely prepare you for the 701, but it was not technically designed for that certification version. The main differences are that just a few topics were added in the 701, and some topics were removed (but would still be useful to learn about). Otherwise, they literally just shuffled the domains around to make it look like a totally different cert. Not Enrolled 3 Lessons CompTIA Security+ SY0-601 Practice Exams Christophe Practice for the real CompTIA Security+ SY0-601 certification exam with our realistic practice exams. Our exams closely resemble the real exam to provide you with the type of questions and answers that you can expect to see on the exam itself. In fact, we include both types of CompTIA questions: Performance-based questions and Multiple-choice questions. Performance-based Questions (PBQs): Access multiple PBQs which are designed to test a candidate's ability to solve problems in real-world settings. These are run as simulations for the Security+, so we provide you with interactive testing that closely resembles what you could expect to see on the exam. For example, we provide PBQs that are drag & drop and fill in the blank. 
Multiple-choice Questions: Access multiple-choice questions that cover a wide range of topics covered by the real exam. These questions and answers have been carefully crafted by Cybr to verify your knowledge of Domains 1 through 5, which include: Attacks, Threats, and Vulnerabilities; Architecture and Design; Implementation; Operations and Incident Response; Governance, Risk, and Compliance. Every single question in our practice exam was created by individuals who are CompTIA Security+ SY0-601 certified, which means that they have experienced the exam first-hand and passed it. We know what you're going to go through, so we want you to be as prepared as possible. We even include detailed explanations of the correct and incorrect answers. That way, you continue to learn as you take our practice exams, and you can identify focus points. The exam itself will never contain more than 90 questions but could have fewer, which is why our practice exams include a minimum of 80 questions up to 90 questions, as a combination of PBQs and Multiple Choice. NOTE: We do not currently plan on refreshing these practice exams for the 701. There is a significant amount of overlap in the material between the two certification versions (over 80% by our estimation), so this course will still largely prepare you for the 701, but it was not technically designed for that certification version. Not Enrolled 43 Lessons Container Security with Kubernetes & GitLab CI/CD Chad In this hands-on course, learn how to use Kubernetes with GitLab CI/CD, and learn key concepts of container security. 
You will learn about: How to install GitLab server and Kubernetes on AWS EC2 Container security concepts Kubernetes fundamentals GitLab & Kubernetes security concepts Securing container images Securing Kubernetes Microservices Monitoring and logging for container security Compliance and governance Supply chain security (SCS) and more This course is currently available in Early Access, which means it's a work in progress and we are uploading new content as it becomes available. Not Enrolled 42 Lessons Cross-Site Scripting (XSS): The Practical Guide Christophe Description: In this course, you will develop the skills you need to successfully perform and combat Cross-Site Scripting (XSS) attacks. XSS is one of the top 10 most dangerous and common web application attacks according to both OWASP and CWE. I've spent months creating and collecting the best resources on XSS to put them in this course so that you can learn Cross-Site Scripting in a fun, efficient, and practical manner. In order to truly understand how XSS works and how to defend against it, you have to learn hands-on by executing attacks against vulnerable applications and then looking at secure versions of the same code, and that's exactly what you'll do in this course. We start out by explaining the concepts of XSS and its 3 main types: Reflected, Stored (Persistent), and DOM-based. Then, we take a look at case studies of recent real-world XSS vulnerabilities in Facebook, Gmail, Twitter, Tesla, Airbnb, and TikTok. After that, we spin up a lab environment to perform all 3 types of attacks with both manual and automated approaches. We then set up, configure, and use a powerful browser exploitation framework called BeEF to deliver a payload that hooks unsuspecting browsers. From there, you can launch a number of different attacks using BeEF command modules (ie: scanning internal networks, defacing websites, compromising routers, and more). 
Next, we apply everything we've learned to pentest the OWASP Juice Shop starting with information gathering, and then exploiting all 3 types of XSS. Finally, we wrap up the course by discussing the most (and least) effective defensive controls, including rules, cheat sheets, and recommended code review techniques to properly defend your applications from this dangerous threat. If you're looking for a hands-on way to learn Cross-Site Scripting, this is your course! Testimonials: "I've got about 3 years in software security with about 23 years in information and DOD security. While I was familiar with XSS I always thought it was a unique and not so dangerous vulnerability. Your course showed me just how damaging XSS could be, and the various ways to assess and mitigate XSS vulnerabilities. I’ll be incorporating your tools and processes in the way I work with teams to evaluate their products." - Matthew H. "This course is great and I would recommend it to anyone trying to learn about web-pentesting or trying to pursue bug bounty as this course gives you a good basis on XSS with a lot of hands-on work." - Bludger  Not Enrolled 34 Lessons DevSecOps Fundamentals Christophe Learn the fundamentals of DevSecOps to understand what it means, why it matters, and how to implement it within your organization. With DevSecOps, one size doesn't fit all, and it's not just a matter of implementing a handful of tools or concepts. It's about understanding what makes sense for your use case and requirements, and what approaches are most relevant. It's also about understanding how to go from zero to the first few steps of implementation, and how to track progress along the way. Regardless of whether you're starting from scratch with a brand new application, or whether you're dealing with a mature product and organization, that's what this course focuses on helping you achieve. Note that this course is text-only. This means we are not planning on adding video lessons. 
Please view the "About this course" lesson for more details on this! We do plan on adding more graphics over the coming weeks. This is a premium course which means Monthly and Yearly memberships have access. This course is not available for individual purchase. Not Enrolled 50 Lessons Incident Response with CloudTrail and Athena Christophe Learn how to effectively respond to incidents in your AWS accounts regardless of whether you are running a single or multi-account setup using CloudTrail Lake and Athena — two native AWS services. This Incident Response (IR) course simulates attacks against your AWS environments that have been seen in the real-world. After simulating attacks, you’ll put on your security analyst hat to respond to the incident. You will then learn how to follow IR playbooks from AWS and eventually even create your own by following NIST’s 4 phases: Preparation; Detection and Analysis; Containment, Eradication, and Recovery; Post-Incident Activity. You’ll learn how to gather information to understand what’s going on and what resources are involved, and how to properly contain the affected resources. You will then take steps to eradicate the threat, recover (and harden) your configurations, and put together a report that you can turn into an updated playbook specific to your environments and use cases. The attack scenarios and end-to-end projects include: IAM credentials exposure to S3 backdoor and data exfiltration; IAM credentials exposure to EC2 cryptomining. The final section of the course then shows you how to take what you’ve learned and apply it to multi-account setups with centralized CloudTrail logging in a Log Archive account, and centralized IR querying with CloudTrail Lake in a Security Tooling account. Free 25 Lessons Injection Attacks: The Free Guide Christophe In this course, we explore the biggest risk facing web applications: injections. 
While we will focus primarily on SQL injections, there are other types of injections such as OS command, LDAP, XPATH, XML, and SMTP header injections, which are all listed in the OWASP Top 10 risks. In order to truly understand how injections work, we have to learn hands-on by executing attacks against vulnerable applications, and that's exactly what we'll do in this course. We start out by setting up safe and legal environments, and then we go on the offense exploring each successful and unsuccessful attack to understand what's going on, and ultimately, how to protect our apps against such vulnerabilities. So if you're looking for hands-on learning, this is your course! Free 26 Lessons Introduction to Application Security (AppSec) Christophe Description: In this course, we provide a thorough yet high-level understanding of Application Security concepts as they relate to web, mobile, and cloud-based applications. It is intended to provide a foundational overview of core concepts so that you can dive deeper into those respective areas of interest. Free 6 Lessons Introduction to AWS Enumeration Christophe Learn the basics of AWS enumeration in this Hands-On Labs course. Enumeration is the process of identifying and cataloguing AWS resources and services in an environment. The purpose is to gain a comprehensive understanding of the AWS environment, which is a critical step in assessing its security posture. Enumeration is used by both ethical hackers and black hats, because it's one of the first steps in identifying potential vulnerabilities that can be exploited. It's a crucial process for effective cloud security management, because it will allow you to identify misconfigurations or other potential attack vectors that need to be addressed. This course will show you hands-on how to perform enumeration in AWS by walking through the basics and enumerating several very important AWS services that are often targeted by attackers. 
Not Enrolled 84 Lessons Introduction to AWS Security Christophe Learn how to secure your cloud infrastructure with one of our best-selling courses: Introduction to AWS Security. Designed for AWS security beginners (but not complete beginners to AWS), this training course provides you with the essential knowledge and skills to protect your AWS environments and resources from all sorts of threats. Led by industry experts with extensive experience in AWS security, this course offers a deep dive into the fundamental concepts and best practices for securing cloud infrastructure in Amazon Web Services. You'll gain a solid understanding of Identity and Access Management (IAM), data access control and encryption (including securing S3), network and infrastructure security, and monitoring & logging. Our interactive learning approach combines comprehensive lessons, interactive diagrams, and hands-on lab 🧪 exercises as well as challenges to help you both grasp security concepts and know how to apply them in real-world scenarios. You'll have the opportunity to reinforce your learning and gain hands-on experience configuring security measures directly in the AWS Management Console. Upon completion, you'll be awarded a certificate of completion. This certificate can be added to LinkedIn and can serve as a valuable asset when showcasing your skills to potential employers or clients. Enroll in our Introduction to AWS Security course today and gain the knowledge and confidence to start protecting your AWS environment effectively! Free 10 Lessons Introduction to OS Command Injections Christophe OS Command Injections are part of the OWASP Top 10 Web Application Security Risks, and as you will see in this course, this threat can result in serious damages if left unchecked. We start out by creating a safe and legal environment for us to perform attacks in. Then, we cover the core concepts of command injections and learn about techniques that can be used to exploit vulnerable targets. 
After that, we go full-on offensive and perform manual injection attacks as well as automated attacks with a tool called Commix. Once we find vulnerabilities, we generate and plant persistent backdoors that can be exploited to create shells with MSFvenom and Weevely, giving us access to the target server any time we want. After successfully attacking and compromising our targets, we take a step back and discuss defensive controls at the application layer. We also look at actual vulnerable code and show ways of fixing that vulnerable code to prevent injections. Since OS Command injections can be used to exploit most systems running an operating system, such as: web servers, IoT devices, office devices (ie: printers), and more, this is an important threat to understand as an application developer or IT business leader. Not Enrolled 31 Lessons Networking Fundamentals Alden Description: Networking is easily one of the most commonly recommended topics to learn for anyone interested in being in an IT career, and so it's arguably one of the most important skills to build when starting out. Regardless of what job you end up choosing, having at least a foundational understanding of how data travels all around us is very beneficial. So in this course, we're going to learn just that starting with how data travels using physical connections. But physical connections alone aren't enough to make the internet work. We also need to answer questions like: how does data know exactly where to go? Say I'm sending an email to someone - how does that email know to go to that other person's inbox, and no one else's? Or even reading this right now. How did you receive this text and the images on this page that are stored in a different part of the world than where you're located? How does all of it transfer in seconds or even milliseconds? These are fascinating questions that can be answered once we understand how the physical and virtual backbone of the Internet works. 
Once we understand how human-readable information gets transformed into a format that machines can process, and then back into a human-readable format again. Once we understand how models and standards were created to dictate a set of rules for how devices should communicate. Once we look at all of that, and more, then we start to see how everything is interconnected and how the Internet is able to function the way it does. Join us as we unpack the mysteries of networking and learn Networking Fundamentals that you'll be able to carry with you throughout your entire IT career! Not Enrolled 43 Lessons Pentesting AWS Environments with Pacu, CloudGoat, and ChatGPT Christophe Learn hands-on how to exploit AWS cloud misconfigurations and build practical skills with step-by-step walkthroughs, labs, and CTFs. This course uses and teaches 4 primary tools: CloudGoat, Pacu, ChatGPT, AWS CLI. CloudGoat enables you to deploy vulnerable-by-design AWS scenarios in your own environments, although we will be providing a couple of those scenarios as 1-click deploy 🧪 Cybr Hands-On Labs if you would rather not use your own environments. Not all of the scenarios will be available with our labs due to how vulnerable they are. In addition to using the AWS command line interface (CLI), we’ll be using a cloud penetration testing tool called Pacu. We will also be using ChatGPT by having it craft payloads, troubleshoot for us, and overall help us speed up and be more effective. This course is primarily for individuals who want to perform security assessments of AWS environments and resources, or who want to learn what to do once they’ve gained access to a set of limited AWS credentials. There are a couple of scenarios that show how to gain initial access to credentials through misconfigurations, but this course is mostly focused on helping you find privilege escalation paths. Not Enrolled 18 Lessons Practical Guide to AWS IAM Roles Christophe Learn how to use IAM Roles like the pros. 
This course answers questions like: What are IAM roles and how are they different from users? When should you use roles, and how? What are differences between trust policies, managed policies, and inline policies? What's an effective way to assume roles? How does role chaining work? How does cross-account access work? What is IAM Roles Anywhere and how does it work? What are service-linked roles, and how are they different from service roles? What are security implications of using roles? You'll also learn some helpful tips, tricks, and useful tools to make using roles easier and more effective. We start off with a few conceptual lessons to cover key concepts, and then we dive into practical hands-on learning. Not Enrolled 22 Lessons Securing Amazon S3 Christophe Learn what Amazon S3 is, how it works, and how to protect your data. This course will show you how to create and configure buckets, upload and access objects, avoid common security misconfigurations (some of which have resulted in massive breaches), and how to run regular automated scans with open source tools to discover issues. You'll also learn to think like an attacker to find weaknesses that could potentially be exploited. The course was designed to provide a heavy dose of hands-on, practical learning with a mixture of taking action through the console, CLI, and roles. Not Enrolled 33 Lessons Terraform on AWS: From Zero to Cloud Infrastructure Tyler In this hands-on course, you’ll learn how to use Terraform to securely deploy resources on AWS using Infrastructure as Code (IaC). Guided by instructors with experience running Terraform in production, we’ll take you step-by-step from zero prior Terraform knowledge to confidently writing infrastructure as code and deploying production-ready AWS resources securely. Not Enrolled 61 Lessons The Practical Guide to sqlmap for SQL Injection Christophe Description: Learn how to use sqlmap in-depth for professional engagements like pentests or bug bounties. 
sqlmap is the most powerful and widely used SQL injection tool, and for good reason. It packs an impressive array of features and options specifically crafted to fingerprint, enumerate, and take over databases as well as underlying systems. In this course, we take a look at all of that. We start by looking at the sqlmap project, including how the source code repository is structured, where to find important files such as configuration and payload files, and how to set up a home lab environment to safely and legally practice what we're learning. Then, we explore every single option that sqlmap offers with examples and explanations of how and when to use the option(s). We learn tips & tricks to see what sqlmap is doing under the hood and to troubleshoot when we come across issues. Once we've covered sqlmap's options and features, we tie it all together by running through scenarios. This is when we get to see how those options can be used together or on their own to achieve our pentest or bug bounty objectives. The course also includes sections dedicated to specific topics such as bypassing WAFs and evading security controls, and how to run sqlmap as an API. Free 15 Lessons Wireless Deauthentication Attacks Juan In this project-based course, you will learn the fundamentals of deauthentication attacks, how to build, program, and use your very own deauther device, and how to defend against this type of attack. You will learn the concepts of deauthentication attacks from both a blue and red team perspective, the exact parts you need to build the same deauther device as shown in the course (for only ~$5 in parts), and how to install the required software on your ESP8266 board. After that, you'll execute your first attacks against devices in your own network. Then, you'll learn what can be done to defend against this type of attack. 
Finally, you'll see a number of different deauther device examples including a deauther watch and a deauther hidden in plain sight, to inspire you to build your own project and share with the community! This is a fun project that anyone with an appetite to learn can complete from their own home. Enroll for free and let's learn some networking security! Free 55 Lessons AWS Certified Security Specialty (SCS-C02) Course Christophe Let's get AWS Security Specialty Certified! Videos will be accessible to all for free, and Hands-On Labs, Quizzes, and Practice Exams will be available to Cybr Premium Members. This course is in active development and new content is added weekly. Since this is a large course, it will take a while to finish and we do not currently have an end date. Join us for free live study groups Free 0 Lessons AWS Certified Security Specialty (SCS-C02) Practice Exams Christophe Let's get AWS Security Specialty Certified! Apart from the sample version, Practice Exams will be available to Cybr Premium Members. These practice exams are in active development and new content is added regularly. We do not currently have an end date. Join us for free live study groups where we walk through sample practice exam questions and scenarios! Free 36 Lessons AWS IAM Privilege Escalation Labs Christophe Learn first-hand how attackers exploit IAM misconfigurations in AWS with tactics pulled from real case studies. This course is entirely made up of 🧪 Hands-On Labs with different scenarios that will teach you how to exploit some of the most dangerous IAM privilege escalation weaknesses. The final section is made up of Challenges that will test your new skills and knowledge by providing vulnerable environments for you to capture the flag with limited information and hints. Good luck and have fun! Free 19 Lessons Beginner’s Guide to AWS CloudTrail for Security Christophe Get started with AWS CloudTrail: one of the most important security services that AWS offers. 
While the CloudTrail service is enabled by default when you create an AWS account, it's enabled with limited functionality that can leave you blind and can hinder your ability to investigate security incidents. For example, there's a very big difference between Management Events, Data Events, and Insights Events, and only one of those is enabled by default. This course will teach you those differences and the 3 main ways that CloudTrail records data so that you can make an informed decision about what you or your organization needs. After covering important concepts, we'll jump in hands-on and learn how to use CloudTrail's Event History, how to create your first trail, how to enable notifications with CloudWatch and SNS, how to use CloudTrail Insights, and how to work with CloudTrail Lake. Finally, you will learn how to secure your CloudTrail trails and log files with best practices using IAM, log file integrity, encryption, and the Security Hub Controls checklist. Whenever someone wants to get started with AWS security, coupled with our Introduction to AWS Security course, we highly recommend starting with this course and understanding CloudTrail. This service gives you visibility into your AWS environments, and without visibility, you do not have security. Free 9 Lessons Beginner’s Guide to sqlmap Christophe Learn to use one of the most popular tools to find SQL injection vulnerabilities: sqlmap. In this course, we start out by creating a simple, free, and quick home lab environment with Virtual Box, Kali Linux, and Docker. I'll walk you through step-by-step how to do that, so don't worry if it sounds intimidating! After that, we download and install the latest version of sqlmap. Then, we look at some of the most important and useful features and options for beginners to get started with. Finally, we launch SQL injection attacks against our lab environment in order to extract information from the vulnerable database. 
sqlmap can be used to extract information such as database schema, database names, table names, password hashes, and more. It even includes a built-in password cracker which we demonstrate by cracking all of the passwords stored in the users table of the database. This course is meant to be easy to follow so that you can quickly learn how to get started with sqlmap. So whether you are interested in becoming a web pentester, or whether you are interested in learning how to make web applications more secure, this course will help you understand what tools and techniques can be used to automate SQL injection attacks and complement manual exploration. Not Enrolled 392 Lessons CompTIA Security+ SY0-601 Course Christophe Get ready to pass the CompTIA Security+ SY0-601 with our in-depth, comprehensive, and high-quality course (including 4k videos and full transcripts). Whether you are new to IT or you already have experience, my course is designed to help you learn all of the topics you need. The CompTIA Security+ certification is one of the most well-known cybersecurity certifications. It can not only provide you with more job opportunities, but it also provides you with a learning path of important cybersecurity topics you need to understand in order to have a successful career in this space. In fact, certain jobs require that you have at least one IT certification, and the Security+ can often qualify as one of those certifications. By the way, I'm Christophe Limpalair, the founder of Cybr, and the author of this all-in-one Security+ course. I have over 7 years of training experience, and I’ve been in IT for about 20 years. I’ve taught tens of thousands of students in cybersecurity, cloud computing, and web development, and I look forward to helping you get certified. I've personally taken and passed this exam, so I know exactly what you need to learn and how, and I've sprinkled in tips and tricks throughout the course that will help you get ready for the real exam. 
I specifically designed this course syllabus to match the official CompTIA Exam Objectives so that you can keep track of what you’ve learned and what you still need to learn. Scroll down for a breakdown of what this course covers. On top of the training you receive, you get access to Cybr’s free Discord community where you can meet others who are actively studying for the Security+ or who have passed it and can provide you with tips and tricks. With an increasing demand for cybersecurity jobs, getting started with this course is a no-brainer. Let’s get started, and let’s take your career to the next level! I’ll see you in the course!

NOTE: We do not currently plan on refreshing this course for the 701. There is a significant amount of overlap in the course material (over 93% by our estimation), so this course will still largely prepare you for the 701, but it was not technically designed for that certification version. The main differences are that just a few topics were added in the 701, and some topics were removed (but would still be useful to learn about). Otherwise, they literally just shuffled the domains around to make it look like a totally different cert.

CompTIA Security+ SY0-601 Practice Exams (3 Lessons, Christophe)

Practice for the real CompTIA Security+ SY0-601 certification exam with our realistic practice exams. Our exams closely resemble the real exam to provide you with the type of questions and answers that you can expect to see on the exam itself. In fact, we include both types of CompTIA questions: Performance-based questions and Multiple-choice questions.

Performance-based Questions (PBQs): Access multiple PBQs which are designed to test a candidate's ability to solve problems in real-world settings. These are run as simulations for the Security+, so we provide you with interactive testing that closely resembles what you could expect to see on the exam. For example, we provide PBQs that are drag & drop and fill in the blank.
Multiple-choice Questions: Access multiple-choice questions that cover a wide range of topics covered by the real exam. These questions and answers have been carefully crafted by Cybr to verify your knowledge of Domains 1 through 5, which include: Attacks, Threats, and Vulnerabilities; Architecture and Design; Implementation; Operations and Incident Response; Governance, Risk, and Compliance.

Every single question in our practice exam was created by individuals who are CompTIA Security+ SY0-601 certified, which means that they have experienced the exam first-hand and passed it. We know what you're going to go through, so we want you to be as prepared as possible. We even include detailed explanations of the correct and incorrect answers. That way, you continue to learn as you take our practice exams, and you can identify focus points. The exam itself will never contain more than 90 questions but could have fewer, which is why our practice exams include a minimum of 80 questions up to 90 questions, as a combination of PBQs and Multiple Choice.

NOTE: We do not currently plan on refreshing these practice exams for the 701. There is a significant amount of overlap in the material between the two certification versions (over 80% by our estimation), so this course will still largely prepare you for the 701, but it was not technically designed for that certification version.

Container Security with Kubernetes & GitLab CI/CD (43 Lessons, Chad)

In this hands-on course, learn how to use Kubernetes with GitLab CI/CD, and learn key concepts of container security.
You will learn about:

- How to install GitLab server and Kubernetes on AWS EC2
- Container security concepts
- Kubernetes fundamentals
- GitLab & Kubernetes security concepts
- Securing container images
- Securing Kubernetes
- Microservices
- Monitoring and logging for container security
- Compliance and governance
- Supply chain security (SCS)
- and more

This course is currently available in Early Access, which means it's a work in progress and we are uploading new content as it becomes available.

Cross-Site Scripting (XSS): The Practical Guide (42 Lessons, Christophe)

Description: In this course, you will develop the skills you need to successfully perform and combat Cross-Site Scripting (XSS) attacks. XSS is one of the top 10 most dangerous and common web application attacks according to both OWASP and CWE. I've spent months creating and collecting the best resources on XSS to put them in this course so that you can learn Cross-Site Scripting in a fun, efficient, and practical manner.

In order to truly understand how XSS works and how to defend against it, you have to learn hands-on by executing attacks against vulnerable applications and then looking at secure versions of the same code, and that's exactly what you'll do in this course. We start out by explaining the concepts of XSS and its 3 main types: Reflected, Stored (Persistent), and DOM-based. Then, we take a look at case studies of recent real-world XSS vulnerabilities in Facebook, Gmail, Twitter, Tesla, Airbnb, and TikTok. After that, we spin up a lab environment to perform all 3 types of attacks with both manual and automated approaches. We then set up, configure, and use a powerful browser exploitation framework called BeEF to deliver a payload that hooks unsuspecting browsers. From there, you can launch a number of different attacks using BeEF command modules (i.e., scanning internal networks, defacing websites, compromising routers, and more).
Next, we apply everything we've learned to pentest the OWASP Juice Shop starting with information gathering, and then exploiting all 3 types of XSS. Finally, we wrap up the course by discussing the most (and least) effective defensive controls, including rules, cheat sheets, and recommended code review techniques to properly defend your applications from this dangerous threat. If you're looking for a hands-on way to learn Cross-Site Scripting, this is your course!

Testimonials:

"I've got about 3 years in software security with about 23 years in information and DOD security. While I was familiar with XSS I always thought it was a unique and not so dangerous vulnerability. Your course showed me just how damaging XSS could be, and the various ways to assess and mitigate XSS vulnerabilities. I’ll be incorporating your tools and processes in the way I work with teams to evaluate their products." - Matthew H.

"This course is great and I would recommend it to anyone trying to learn about web-pentesting or trying to pursue bug bounty as this course gives you a good basis on XSS with a lot of hands-on work." - Bludger

DevSecOps Fundamentals (34 Lessons, Christophe)

Learn the fundamentals of DevSecOps to understand what it means, why it matters, and how to implement it within your organization. With DevSecOps, one size doesn't fit all, and it's not just a matter of implementing a handful of tools or concepts. It's about understanding what makes sense for your use case and requirements, and what approaches are most relevant. It's also about understanding how to go from zero to the first few steps of implementation, and how to track progress along the way. Regardless of whether you're starting from scratch with a brand new application, or whether you're dealing with a mature product and organization, that's what this course focuses on helping you achieve.

Note that this course is text-only. This means we are not planning on adding video lessons.
Please view the "About this course" lesson for more details on this! We do plan on adding more graphics over the coming weeks. This is a premium course which means Monthly and Yearly memberships have access. This course is not available for individual purchase.

Incident Response with CloudTrail and Athena (50 Lessons, Christophe)

Learn how to effectively respond to incidents in your AWS accounts regardless of whether you are running a single or multi-account setup using CloudTrail Lake and Athena — two native AWS services. This Incident Response (IR) course simulates attacks against your AWS environments that have been seen in the real world. After simulating attacks, you’ll put on your security analyst hat to respond to the incident. You will then learn how to follow IR playbooks from AWS and eventually even create your own by following NIST’s 4 phases:

- Preparation
- Detection and Analysis
- Containment, Eradication, and Recovery
- Post-Incident Activity

You’ll learn how to gather information to understand what’s going on and what resources are involved, and how to properly contain the affected resources. You will then take steps to eradicate the threat, recover (and harden) your configurations, and put together a report that you can turn into an updated playbook specific to your environments and use cases.

The attack scenarios and end-to-end projects include:

- IAM credentials exposure to S3 backdoor and data exfiltration
- IAM credentials exposure to EC2 cryptomining

The final section of the course then shows you how to take what you’ve learned and apply it to multi-account setups with centralized CloudTrail logging in a Log Archive account, and centralized IR querying with CloudTrail Lake in a Security Tooling account.

Injection Attacks: The Free Guide (Free, 25 Lessons, Christophe)

In this course, we explore the biggest risk facing web applications: injections.
While we will focus primarily on SQL injections, there are other types of injections such as OS command, LDAP, XPATH, XML, and SMTP header injections, which are all listed in the OWASP Top 10 risks. In order to truly understand how injections work, we have to learn hands-on by executing attacks against vulnerable applications, and that's exactly what we'll do in this course. We start out by setting up safe and legal environments, and then we go on the offense exploring each successful and unsuccessful attack to understand what's going on, and ultimately, how to protect our apps against such vulnerabilities. So if you're looking for hands-on learning, this is your course!

Introduction to Application Security (AppSec) (Free, 26 Lessons, Christophe)

Description: In this course, we provide a thorough yet high-level understanding of Application Security concepts as they relate to web, mobile, and cloud-based applications. It is intended to provide a foundational overview of core concepts so that you can dive deeper into those respective areas of interest.

Introduction to AWS Enumeration (Free, 6 Lessons, Christophe)

Learn the basics of AWS enumeration in this Hands-On Labs course. Enumeration is the process of identifying and cataloguing AWS resources and services in an environment. The purpose is to gain a comprehensive understanding of the AWS environment, which is a critical step in assessing its security posture. Enumeration is used by both ethical hackers and black hats, because it's one of the first steps in identifying potential vulnerabilities that can be exploited. It's a crucial process for effective cloud security management, because it will allow you to identify misconfigurations or other potential attack vectors that need to be addressed. This course will show you hands-on how to perform enumeration in AWS by walking through the basics and enumerating several very important AWS services that are often targeted by attackers.
Introduction to AWS Security (84 Lessons, Christophe)

Learn how to secure your cloud infrastructure with one of our best-selling courses: Introduction to AWS Security. Designed for AWS security beginners (but not complete beginners to AWS), this training course provides you with the essential knowledge and skills to protect your AWS environments and resources from all sorts of threats. Led by industry experts with extensive experience in AWS security, this course offers a deep dive into the fundamental concepts and best practices for securing cloud infrastructure in Amazon Web Services. You'll gain a solid understanding of Identity and Access Management (IAM), data access control and encryption (including securing S3), network and infrastructure security, and monitoring & logging.

Our interactive learning approach combines comprehensive lessons, interactive diagrams, and hands-on lab 🧪 exercises as well as challenges to help you both grasp security concepts and know how to apply them in real-world scenarios. You'll have the opportunity to reinforce your learning and gain hands-on experience configuring security measures directly in the AWS Management Console.

Upon completion, you'll be awarded a certificate of completion. This certificate can be added to LinkedIn and can serve as a valuable asset when showcasing your skills to potential employers or clients. Enroll in our Introduction to AWS Security course today and gain the knowledge and confidence to start protecting your AWS environment effectively!

Introduction to OS Command Injections (Free, 10 Lessons, Christophe)

OS Command Injections are part of the OWASP Top 10 Web Application Security Risks, and as you will see in this course, this threat can result in serious damage if left unchecked. We start out by creating a safe and legal environment for us to perform attacks in. Then, we cover the core concepts of command injections and learn about techniques that can be used to exploit vulnerable targets.
After that, we go full-on offensive and perform manual injection attacks as well as automated attacks with a tool called Commix. Once we find vulnerabilities, we generate and plant persistent backdoors that can be exploited to create shells with MSFvenom and Weevely, giving us access to the target server any time we want. After successfully attacking and compromising our targets, we take a step back and discuss defensive controls at the application layer. We also look at actual vulnerable code and show ways of fixing that vulnerable code to prevent injections. Since OS Command injections can be used to exploit most systems running an operating system, such as web servers, IoT devices, office devices (i.e., printers), and more, this is an important threat to understand as an application developer or IT business leader.

Networking Fundamentals (31 Lessons, Alden)

Description: Networking is easily one of the most commonly recommended topics to learn for anyone interested in being in an IT career, and so it's arguably one of the most important skills to build when starting out. Regardless of what job you end up choosing, having at least a foundational understanding of how data travels all around us is very beneficial. So in this course, we're going to learn just that starting with how data travels using physical connections.

But physical connections alone aren't enough to make the internet work. We also need to answer questions like: how does data know exactly where to go? Say I'm sending an email to someone - how does that email know to go to that other person's inbox, and no one else's? Or even reading this right now. How did you receive this text and the images on this page that are stored in a different part of the world than where you're located? How does all of it transfer in seconds or even milliseconds? These are fascinating questions that can be answered once we understand how the physical and virtual backbone of the Internet works.
Once we understand how human-readable information gets transformed into a format that machines can process, and then back into a human-readable format again. Once we understand how models and standards were created to dictate a set of rules for how devices should communicate. Once we look at all of that, and more, then we start to see how everything is interconnected and how the Internet is able to function the way it does. Join us as we unpack the mysteries of networking and learn Networking Fundamentals that you'll be able to carry with you throughout your entire IT career!

Pentesting AWS Environments with Pacu, CloudGoat, and ChatGPT (43 Lessons, Christophe)

Learn hands-on how to exploit AWS cloud misconfigurations and build practical skills with step-by-step walkthroughs, labs, and CTFs. This course uses and teaches 4 primary tools:

- CloudGoat
- Pacu
- ChatGPT
- AWS CLI

CloudGoat enables you to deploy vulnerable-by-design AWS scenarios in your own environments, although we will be providing a couple of those scenarios as 1-click deploy 🧪 Cybr Hands-On Labs if you would rather not use your own environments. Not all of the scenarios will be available with our labs due to how vulnerable they are. In addition to using the AWS command line interface (CLI), we’ll be using a cloud penetration testing tool called Pacu. We will also be using ChatGPT by having it craft payloads, troubleshoot for us, and overall help us speed up and be more effective.

This course is primarily for individuals who want to perform security assessments of AWS environments and resources, or who want to learn what to do once they’ve gained access to a set of limited AWS credentials. There are a couple of scenarios that show how to gain initial access to credentials through misconfigurations, but this course is mostly focused on helping you find privilege escalation paths.

Practical Guide to AWS IAM Roles (18 Lessons, Christophe)

Learn how to use IAM Roles like the pros.
This course answers questions like:

- What are IAM roles and how are they different from users?
- When should you use roles, and how?
- What are the differences between trust policies, managed policies, and inline policies?
- What's an effective way to assume roles?
- How does role chaining work?
- How does cross-account access work?
- What is IAM Roles Anywhere and how does it work?
- What are service-linked roles, and how are they different from service roles?
- What are the security implications of using roles?

You'll also learn some helpful tips, tricks, and useful tools to make using roles easier and more effective. We start off with a few conceptual lessons to cover key concepts, and then we dive into practical hands-on learning.

Securing Amazon S3 (22 Lessons, Christophe)

Learn what Amazon S3 is, how it works, and how to protect your data. This course will show you how to create and configure buckets, upload and access objects, avoid common security misconfigurations (some of which have resulted in massive breaches), and how to run regular automated scans with open source tools to discover issues. You'll also learn to think like an attacker to find weaknesses that could potentially be exploited. The course was designed to provide a heavy dose of hands-on, practical learning with a mixture of taking action through the console, CLI, and roles.

Terraform on AWS: From Zero to Cloud Infrastructure (33 Lessons, Tyler)

In this hands-on course, you’ll learn how to use Terraform to securely deploy resources on AWS using Infrastructure as Code (IaC). Guided by instructors with experience running Terraform in production, we’ll take you step-by-step from zero prior Terraform knowledge to confidently writing infrastructure as code and deploying production-ready AWS resources securely.

The Practical Guide to sqlmap for SQL Injection (61 Lessons, Christophe)

Description: Learn how to use sqlmap in-depth for professional engagements like pentests or bug bounties.
sqlmap is the most powerful and widely used SQL injection tool, and for good reason. It packs an impressive array of features and options specifically crafted to fingerprint, enumerate, and take over databases as well as underlying systems. In this course, we take a look at all of that.

We start by looking at the sqlmap project, including how the source code repository is structured, where to find important files such as configuration and payload files, and how to set up a home lab environment to safely and legally practice what we're learning. Then, we explore every single option that sqlmap offers with examples and explanations of how and when to use the option(s). We learn tips & tricks to see what sqlmap is doing under the hood and to troubleshoot when we come across issues.

Once we've covered sqlmap's options and features, we tie it all together by running through scenarios. This is when we get to see how those options can be used together or on their own to achieve our pentest or bug bounty objectives. The course also includes sections dedicated to specific topics such as bypassing WAFs and evading security controls, and how to run sqlmap as an API.

Wireless Deauthentication Attacks (Free, 15 Lessons, Juan)

In this project-based course, you will learn the fundamentals of deauthentication attacks, how to build, program, and use your very own deauther device, and how to defend against this type of attack. You will learn the concepts of deauthentication attacks from both a blue and red team perspective, the exact parts you need to build the same deauther device as shown in the course (for only ~$5 in parts), and how to install the required software on your ESP8266 board. After that, you'll execute your first attacks against devices in your own network. Then, you'll learn what can be done to defend against this type of attack.
Finally, you'll see a number of different deauther device examples including a deauther watch and a deauther hidden in plain sight, to inspire you to build your own project and share with the community! This is a fun project that anyone with an appetite to learn can complete from their own home. Enroll for free and let's learn some networking security!