Cybr Courses Courses Search All Courses7 AlphabeticalNewly Created All CategoriesApplication SecurityBeginnerCertificationsCloud SecurityCybersecurity FundamentalsEthical HackingIntermediateNetworking Security All InstructorsAldenChristopheJuan Free 9 Lessons Beginner’s Guide to sqlmap Christophe Learn to use one of the most popular tools to find SQL injection vulnerabilities: sqlmap. In this course, we start out by creating a simple, free, and quick home lab environment with Virtual Box, Kali Linux, and Docker. I'll walk you through step-by-step how to do that, so don't worry if it sounds intimidating! After that, we download and install the latest version of sqlmap. Then, we look at some of the most important and useful features and options for beginners to get started with. Finally, we launch SQL injection attacks against our lab environment in order to extract information from the vulnerable database. sqlmap can be used to extract information such as database schema, database names, table names, password hashes, and more. It even includes a built-in password cracker which we demonstrate by cracking all of the passwords stored in the users table of the database. This course is meant to be easy to follow so that you can quickly learn how to get started with sqlmap. So whether you are interested in becoming a web pentester, or whether you are interested in learning how to make web applications more secure, this course will help you understand what tools and techniques can be used to automate SQL injection attacks and complement manual exploration. Not Enrolled 42 Lessons Cross-Site Scripting (XSS): The Practical Guide Christophe Description: In this course, you will develop the skills you need to successfully perform and combat Cross-Site Scripting (XSS) attacks. XSS is one of the top 10 most dangerous and common web application attacks according to both OWASP and CWE. I've spent months creating and collecting the best resources on XSS to put them in this course so that you can learn Cross-Site Scripting in a fun, efficient, and practical manner. In order to truly understand how XSS works and how to defend against it, you have to learn hands-on by executing attacks against vulnerable applications and then looking at secure versions of the same code, and that's exactly what you'll do in this course. We start out by explaining the concepts of XSS and its 3 main types: Reflected, Stored (Persistent), and DOM-based. Then, we take a look at case studies of recent real-world XSS vulnerabilities in Facebook, Gmail, Twitter, Tesla, Airbnb, and TikTok. After that, we spin up a lab environment to perform all 3 types of attacks with both manual and automated approaches. We then set up, configure, and use a powerful browser exploitation framework called BeEF to deliver a payload that hooks unsuspecting browsers. From there, you can launch a number of different attacks using BeEF command modules (ie: scanning internal networks, defacing websites, compromising routers, and more). Next, we apply everything we've learned to pentest the OWASP Juice Shop starting with information gathering, and then exploiting all 3 types of XSS. Finally, we wrap up the course by discussing the most (and least) effective defensive controls, including rules, cheat sheets, and recommended code review techniques to properly defend your applications from this dangerous threat. If you're looking for a hands-on way to learn Cross-Site Scripting, this is your course! Testimonials: "I've got about 3 years in software security with about 23 years in information and DOD security. While I was familiar with XSS I always thought it was a unique and not so dangerous vulnerability. Your course showed me just how damaging XSS could be, and the various ways to assess and mitigate XSS vulnerabilities. I’ll be incorporating your tools and processes in the way I work with teams to evaluate their products." - Matthew H. "This course is great and I would recommend it to anyone trying to learn about web-pentesting or trying to pursue bug bounty as this course gives you a good basis on XSS with a lot of hands-on work." - Bludger Free 25 Lessons Injection Attacks: The Free Guide Christophe In this course, we explore the biggest risk facing web applications: injections. While we will focus primarily on SQL injections, there are other types of injections such as OS command, LDAP, XPATH, XML, and SMTP header injections, which are all listed in the OWASP Top 10 risks. In order to truly understand how injections work, we have to learn hands-on by executing attacks against vulnerable applications, and that's exactly what we'll do in this course. We start out by setting up safe and legal environments, and then we go on the offense exploring each successful and unsuccessful attack to understand what's going on, and ultimately, how to protect our apps against such vulnerabilities. So if you're looking for hands-on learning, this is your course! Free 10 Lessons Introduction to OS Command Injections Christophe OS Command Injections are part of the OWASP Top 10 Web Application Security Risks, and as you will see in this course, this threat can result in serious damages if left unchecked. We start out by creating a safe and legal environment for us to perform attacks in. Then, we cover the core concepts of command injections and learn about techniques that can be used to exploit vulnerable targets. After that, we go full-on offensive and perform manual injection attacks as well as automated attacks with a tool called Commix. Once we find vulnerabilities, we generate and plant persistent backdoors that can be exploited to create shells with MSFvenom and Weevely, giving us access to the target server any time we want. After successfully attacking and compromising our targets, we take a step back and discuss defensive controls at the application layer. We also look at actual vulnerable code and show ways of fixing that vulnerable code to prevent injections. Since OS Command injections can be used to exploit most systems running an operating system, such as: web servers, IoT devices, office devices (ie: printers), and more, this is an important threat to understand as an application developer or IT business leader. Not Enrolled 40 Lessons Pentesting AWS Environments with Pacu, CloudGoat, and ChatGPT Christophe Learn hands-on how to exploit AWS cloud misconfigurations and build practical skills with step-by-step walkthroughs, labs, and CTFs. This course uses and teaches 4 primary tools: CloudGoat Pacu ChatGPT AWS CLI CloudGoat enables you to deploy vulnerable-by-design AWS scenarios in your own environments, although we will be providing a couple of those scenarios as 1-click deploy 🧪 Cybr Hands-On Labs if you would rather not use your own environments. Not all of the scenarios will be available with our labs due to how vulnerable they are. In addition to using the AWS command line interface (CLI), we’ll be using a cloud penetration testing tool called Pacu. We will also be using ChatGPT by having it craft payloads, troubleshoot for us, and overall help us speed up and be more effective. This course is primarily for individuals who want to perform security assessments of AWS environments and resources, or who want to learn what to do once they’ve gained access to a set of limited AWS credentials. There are a couple of scenarios that show how to gain initial access to credentials through misconfigurations, but this course is mostly focused on helping you find privilege escalation paths. Not Enrolled 61 Lessons The Practical Guide to sqlmap for SQL Injection Christophe Description: Learn how to use sqlmap in-depth for professional engagements like pentests or bug bounties. sqlmap is the most powerful and widely used SQL injection tool, and for good reason. It packs an impressive array of features and options specifically crafted to fingerprint, enumerate, and takeover databases as well as underlying systems. In this course, we take a look at all of that. We start by looking at the sqlmap project, including how the source code repository is structured, where to find important files such as configuration and payload files, and how to set up a home lab environment to safely and legally practice what we're learning. Then, we explore every single option that sqlmap offers with examples and explanations of how and when to use the option(s). We learn tips & tricks to see what sqlmap is doing under the hood and to troubleshoot when we come across issues. Once we've covered sqlmap's options and features, we tie it all together by running through scenarios. This is when we get to see how those options can be used together or on their own to achieve our pentest or bug bounty objectives. The course also includes sections dedicated to specific topics such as bypassing WAFs and evading security controls, and how to run sqlmap as an API. Free 15 Lessons Wireless Deauthentication Attacks Juan In this project-based course, you will learn the fundamentals of deauthentication attacks, how to build, program, and use your very own deauther device, and how to defend against this type of attack. You will learn the concepts of deauthentication attacks from both a blue and red team perspective, the exact parts you need to build the same deauther device as shown in the course (for only ~$5 in parts), and how to install the required software on your ESP8266 board. After that, you'll execute your first attacks against devices in your own network. Then, you'll learn what can be done to defend against this type of attack. Finally, you'll see a number of different deauther device examples including a deauther watch and a deauther hidden in plain sight, to inspire you to build your own project and share with the community! This is a fun project that anyone with an appetite to learn can complete from their own home. Enroll for free and let's learn some networking security! Free 9 Lessons Beginner’s Guide to sqlmap Christophe Learn to use one of the most popular tools to find SQL injection vulnerabilities: sqlmap. In this course, we start out by creating a simple, free, and quick home lab environment with Virtual Box, Kali Linux, and Docker. I'll walk you through step-by-step how to do that, so don't worry if it sounds intimidating! After that, we download and install the latest version of sqlmap. Then, we look at some of the most important and useful features and options for beginners to get started with. Finally, we launch SQL injection attacks against our lab environment in order to extract information from the vulnerable database. sqlmap can be used to extract information such as database schema, database names, table names, password hashes, and more. It even includes a built-in password cracker which we demonstrate by cracking all of the passwords stored in the users table of the database. This course is meant to be easy to follow so that you can quickly learn how to get started with sqlmap. So whether you are interested in becoming a web pentester, or whether you are interested in learning how to make web applications more secure, this course will help you understand what tools and techniques can be used to automate SQL injection attacks and complement manual exploration. Not Enrolled 42 Lessons Cross-Site Scripting (XSS): The Practical Guide Christophe Description: In this course, you will develop the skills you need to successfully perform and combat Cross-Site Scripting (XSS) attacks. XSS is one of the top 10 most dangerous and common web application attacks according to both OWASP and CWE. I've spent months creating and collecting the best resources on XSS to put them in this course so that you can learn Cross-Site Scripting in a fun, efficient, and practical manner. In order to truly understand how XSS works and how to defend against it, you have to learn hands-on by executing attacks against vulnerable applications and then looking at secure versions of the same code, and that's exactly what you'll do in this course. We start out by explaining the concepts of XSS and its 3 main types: Reflected, Stored (Persistent), and DOM-based. Then, we take a look at case studies of recent real-world XSS vulnerabilities in Facebook, Gmail, Twitter, Tesla, Airbnb, and TikTok. After that, we spin up a lab environment to perform all 3 types of attacks with both manual and automated approaches. We then set up, configure, and use a powerful browser exploitation framework called BeEF to deliver a payload that hooks unsuspecting browsers. From there, you can launch a number of different attacks using BeEF command modules (ie: scanning internal networks, defacing websites, compromising routers, and more). Next, we apply everything we've learned to pentest the OWASP Juice Shop starting with information gathering, and then exploiting all 3 types of XSS. Finally, we wrap up the course by discussing the most (and least) effective defensive controls, including rules, cheat sheets, and recommended code review techniques to properly defend your applications from this dangerous threat. If you're looking for a hands-on way to learn Cross-Site Scripting, this is your course! Testimonials: "I've got about 3 years in software security with about 23 years in information and DOD security. While I was familiar with XSS I always thought it was a unique and not so dangerous vulnerability. Your course showed me just how damaging XSS could be, and the various ways to assess and mitigate XSS vulnerabilities. I’ll be incorporating your tools and processes in the way I work with teams to evaluate their products." - Matthew H. "This course is great and I would recommend it to anyone trying to learn about web-pentesting or trying to pursue bug bounty as this course gives you a good basis on XSS with a lot of hands-on work." - Bludger Free 25 Lessons Injection Attacks: The Free Guide Christophe In this course, we explore the biggest risk facing web applications: injections. While we will focus primarily on SQL injections, there are other types of injections such as OS command, LDAP, XPATH, XML, and SMTP header injections, which are all listed in the OWASP Top 10 risks. In order to truly understand how injections work, we have to learn hands-on by executing attacks against vulnerable applications, and that's exactly what we'll do in this course. We start out by setting up safe and legal environments, and then we go on the offense exploring each successful and unsuccessful attack to understand what's going on, and ultimately, how to protect our apps against such vulnerabilities. So if you're looking for hands-on learning, this is your course! Free 10 Lessons Introduction to OS Command Injections Christophe OS Command Injections are part of the OWASP Top 10 Web Application Security Risks, and as you will see in this course, this threat can result in serious damages if left unchecked. We start out by creating a safe and legal environment for us to perform attacks in. Then, we cover the core concepts of command injections and learn about techniques that can be used to exploit vulnerable targets. After that, we go full-on offensive and perform manual injection attacks as well as automated attacks with a tool called Commix. Once we find vulnerabilities, we generate and plant persistent backdoors that can be exploited to create shells with MSFvenom and Weevely, giving us access to the target server any time we want. After successfully attacking and compromising our targets, we take a step back and discuss defensive controls at the application layer. We also look at actual vulnerable code and show ways of fixing that vulnerable code to prevent injections. Since OS Command injections can be used to exploit most systems running an operating system, such as: web servers, IoT devices, office devices (ie: printers), and more, this is an important threat to understand as an application developer or IT business leader. Not Enrolled 40 Lessons Pentesting AWS Environments with Pacu, CloudGoat, and ChatGPT Christophe Learn hands-on how to exploit AWS cloud misconfigurations and build practical skills with step-by-step walkthroughs, labs, and CTFs. This course uses and teaches 4 primary tools: CloudGoat Pacu ChatGPT AWS CLI CloudGoat enables you to deploy vulnerable-by-design AWS scenarios in your own environments, although we will be providing a couple of those scenarios as 1-click deploy 🧪 Cybr Hands-On Labs if you would rather not use your own environments. Not all of the scenarios will be available with our labs due to how vulnerable they are. In addition to using the AWS command line interface (CLI), we’ll be using a cloud penetration testing tool called Pacu. We will also be using ChatGPT by having it craft payloads, troubleshoot for us, and overall help us speed up and be more effective. This course is primarily for individuals who want to perform security assessments of AWS environments and resources, or who want to learn what to do once they’ve gained access to a set of limited AWS credentials. There are a couple of scenarios that show how to gain initial access to credentials through misconfigurations, but this course is mostly focused on helping you find privilege escalation paths. Not Enrolled 61 Lessons The Practical Guide to sqlmap for SQL Injection Christophe Description: Learn how to use sqlmap in-depth for professional engagements like pentests or bug bounties. sqlmap is the most powerful and widely used SQL injection tool, and for good reason. It packs an impressive array of features and options specifically crafted to fingerprint, enumerate, and takeover databases as well as underlying systems. In this course, we take a look at all of that. We start by looking at the sqlmap project, including how the source code repository is structured, where to find important files such as configuration and payload files, and how to set up a home lab environment to safely and legally practice what we're learning. Then, we explore every single option that sqlmap offers with examples and explanations of how and when to use the option(s). We learn tips & tricks to see what sqlmap is doing under the hood and to troubleshoot when we come across issues. Once we've covered sqlmap's options and features, we tie it all together by running through scenarios. This is when we get to see how those options can be used together or on their own to achieve our pentest or bug bounty objectives. The course also includes sections dedicated to specific topics such as bypassing WAFs and evading security controls, and how to run sqlmap as an API. Free 15 Lessons Wireless Deauthentication Attacks Juan In this project-based course, you will learn the fundamentals of deauthentication attacks, how to build, program, and use your very own deauther device, and how to defend against this type of attack. You will learn the concepts of deauthentication attacks from both a blue and red team perspective, the exact parts you need to build the same deauther device as shown in the course (for only ~$5 in parts), and how to install the required software on your ESP8266 board. After that, you'll execute your first attacks against devices in your own network. Then, you'll learn what can be done to defend against this type of attack. Finally, you'll see a number of different deauther device examples including a deauther watch and a deauther hidden in plain sight, to inspire you to build your own project and share with the community! This is a fun project that anyone with an appetite to learn can complete from their own home. Enroll for free and let's learn some networking security! Get notified when we publish new courses