Cybr Courses Courses Search All Courses7 AlphabeticalNewly Created All CategoriesAdvancedApplication SecurityBeginnerCertificationsCloud SecurityCybersecurity FundamentalsEthical HackingIntermediateNetworking Security All InstructorsAldenChristopheJuan Not Enrolled 11 Lessons AWS Certified Security Specialty (SCS-C02) Course Christophe Let's get AWS Security Specialty Certified! This course will be launching in Early Access either April or May 2024 Not Enrolled 392 Lessons CompTIA Security+ SY0-601 Course Christophe Get ready to pass the CompTIA Security+ SY0-601 with our in-depth, comprehensive, and high-quality course (including 4k videos and full transcripts). Whether you are new to IT or you already have experience, my course is designed to help you learn all of the topics you need. The CompTIA Security+ certification is one of the most well-known cybersecurity certifications. It can not only provide you with more job opportunities, but it also provides you with a learning path of important cybersecurity topics you need to understand in order to have a successful career in this space. In fact, certain jobs require that you have at least one IT certification, and the Security+ can often qualify as one of those certifications. By the way, I'm Christophe Limpalair, the founder of Cybr, and the author of this all-in-one Security+ course. I have over 7 years of training experience, and I’ve been in IT for about 20 years. I’ve taught tens of thousands of students in cybersecurity, cloud computing, and web development, and I look forward to helping you get certified. I've personally taken and passed this exam, so I know exactly what you need to learn and how, and I've sprinkled in tips and tricks throughout the course that will help you get ready for the real exam. I specifically designed this course syllabus to match the official CompTIA Exam Objectives so that you can keep track of what you’ve learned and what you still need to learn. Scroll down for a breakdown of what this course covers. On top of the training you receive, you get access to Cybr’s free Discord community where you can meet others who are actively studying for the Security+ or who have passed it and can provide you with tips and tricks. With an increasing demand for cybersecurity jobs, getting started with this course is a no-brainer. Let’s get started, and let’s take your career to the next level! I’ll see you in the course! Not Enrolled 3 Lessons CompTIA Security+ SY0-601 Practice Exams Christophe Practice for the real CompTIA Security+ SY0-601 certification exam with our realistic practice exams. Our exams closely resemble the real exam to provide you with the type of questions and answers that you can expect to see on the exam itself. In fact, we include both types of CompTIA questions: Performance-based questions and Multiple-choice questions. Performance-based Questions (PBQs): Access multiple PBQs which are designed to test a candidate's ability to solve problems in real-world settings. These are run as simulations for the Security+, so we provide you with interactive testing that closely resembles what you could expect to see on the exam. For example, we provide PBQs that are drag & drop and fill in the blank. Multiple-choice Questions: Access multiple-choice questions that cover a wide range of topics covered by the real exam. These questions and answers have been carefully crafted by Cybr to verify your knowledge of Domains 1 through 5, which include: Attacks, Threats, and Vulnerabilities; Architecture and Design; Implementation; Operations and Incident Response; Governance, Risk, and Compliance. Every single question in our practice exam was created by individuals who are CompTIA Security+ SY0-601 certified, which means that they have experienced the exam first-hand and passed it. We know what you're going to go through, so we want you to be as prepared as possible. We even include detailed explanations of the correct and incorrect answers. That way, you continue to learn as you take our practice exams, and you can identify focus points. The exam itself will never contain more than 90 questions but could have fewer, which is why our practice exams include a minimum of 80 questions up to 90 questions, as a combination of PBQs and Multiple Choice. Not Enrolled 42 Lessons Cross-Site Scripting (XSS): The Practical Guide Christophe Description: In this course, you will develop the skills you need to successfully perform and combat Cross-Site Scripting (XSS) attacks. XSS is one of the top 10 most dangerous and common web application attacks according to both OWASP and CWE. I've spent months creating and collecting the best resources on XSS to put them in this course so that you can learn Cross-Site Scripting in a fun, efficient, and practical manner. In order to truly understand how XSS works and how to defend against it, you have to learn hands-on by executing attacks against vulnerable applications and then looking at secure versions of the same code, and that's exactly what you'll do in this course. We start out by explaining the concepts of XSS and its 3 main types: Reflected, Stored (Persistent), and DOM-based. Then, we take a look at case studies of recent real-world XSS vulnerabilities in Facebook, Gmail, Twitter, Tesla, Airbnb, and TikTok. After that, we spin up a lab environment to perform all 3 types of attacks with both manual and automated approaches. We then set up, configure, and use a powerful browser exploitation framework called BeEF to deliver a payload that hooks unsuspecting browsers. From there, you can launch a number of different attacks using BeEF command modules (ie: scanning internal networks, defacing websites, compromising routers, and more). Next, we apply everything we've learned to pentest the OWASP Juice Shop starting with information gathering, and then exploiting all 3 types of XSS. Finally, we wrap up the course by discussing the most (and least) effective defensive controls, including rules, cheat sheets, and recommended code review techniques to properly defend your applications from this dangerous threat. If you're looking for a hands-on way to learn Cross-Site Scripting, this is your course! Testimonials: "I've got about 3 years in software security with about 23 years in information and DOD security. While I was familiar with XSS I always thought it was a unique and not so dangerous vulnerability. Your course showed me just how damaging XSS could be, and the various ways to assess and mitigate XSS vulnerabilities. I’ll be incorporating your tools and processes in the way I work with teams to evaluate their products." - Matthew H. "This course is great and I would recommend it to anyone trying to learn about web-pentesting or trying to pursue bug bounty as this course gives you a good basis on XSS with a lot of hands-on work." - Bludger Free 35 Lessons IAM Privilege Escalation Labs Christophe Learn first-hand how attackers exploit IAM misconfigurations in AWS with tactics pulled from real case studies. This course is entirely made up of 🧪 Hands-On Labs with different scenarios that will teach you how to exploit some of the most dangerous IAM privilege escalation weaknesses. The final section is made up of Challenges that will test your new skills and knowledge by providing vulnerable environments for you to capture the flag with limited information and hints. Good luck and have fun! Not Enrolled 45 Lessons Incident Response with CloudTrail and Athena Christophe End-to-end project where you will learn how to configure your AWS environment for Incident Response using recommended best practices. This course will show you how to deploy and use roles through IAM Identity Center, how to investigate incidents with CloudTrail Lake and Amazon Athena, and how to properly respond to two real-world incident scenarios: IAM credentials exposure to S3 backdoor and data exfiltration IAM credentials exposure to EC2 cryptomining Not Enrolled 61 Lessons The Practical Guide to sqlmap for SQL Injection Christophe Description: Learn how to use sqlmap in-depth for professional engagements like pentests or bug bounties. sqlmap is the most powerful and widely used SQL injection tool, and for good reason. It packs an impressive array of features and options specifically crafted to fingerprint, enumerate, and takeover databases as well as underlying systems. In this course, we take a look at all of that. We start by looking at the sqlmap project, including how the source code repository is structured, where to find important files such as configuration and payload files, and how to set up a home lab environment to safely and legally practice what we're learning. Then, we explore every single option that sqlmap offers with examples and explanations of how and when to use the option(s). We learn tips & tricks to see what sqlmap is doing under the hood and to troubleshoot when we come across issues. Once we've covered sqlmap's options and features, we tie it all together by running through scenarios. This is when we get to see how those options can be used together or on their own to achieve our pentest or bug bounty objectives. The course also includes sections dedicated to specific topics such as bypassing WAFs and evading security controls, and how to run sqlmap as an API. Not Enrolled 11 Lessons AWS Certified Security Specialty (SCS-C02) Course Christophe Let's get AWS Security Specialty Certified! This course will be launching in Early Access either April or May 2024 Not Enrolled 392 Lessons CompTIA Security+ SY0-601 Course Christophe Get ready to pass the CompTIA Security+ SY0-601 with our in-depth, comprehensive, and high-quality course (including 4k videos and full transcripts). Whether you are new to IT or you already have experience, my course is designed to help you learn all of the topics you need. The CompTIA Security+ certification is one of the most well-known cybersecurity certifications. It can not only provide you with more job opportunities, but it also provides you with a learning path of important cybersecurity topics you need to understand in order to have a successful career in this space. In fact, certain jobs require that you have at least one IT certification, and the Security+ can often qualify as one of those certifications. By the way, I'm Christophe Limpalair, the founder of Cybr, and the author of this all-in-one Security+ course. I have over 7 years of training experience, and I’ve been in IT for about 20 years. I’ve taught tens of thousands of students in cybersecurity, cloud computing, and web development, and I look forward to helping you get certified. I've personally taken and passed this exam, so I know exactly what you need to learn and how, and I've sprinkled in tips and tricks throughout the course that will help you get ready for the real exam. I specifically designed this course syllabus to match the official CompTIA Exam Objectives so that you can keep track of what you’ve learned and what you still need to learn. Scroll down for a breakdown of what this course covers. On top of the training you receive, you get access to Cybr’s free Discord community where you can meet others who are actively studying for the Security+ or who have passed it and can provide you with tips and tricks. With an increasing demand for cybersecurity jobs, getting started with this course is a no-brainer. Let’s get started, and let’s take your career to the next level! I’ll see you in the course! Not Enrolled 3 Lessons CompTIA Security+ SY0-601 Practice Exams Christophe Practice for the real CompTIA Security+ SY0-601 certification exam with our realistic practice exams. Our exams closely resemble the real exam to provide you with the type of questions and answers that you can expect to see on the exam itself. In fact, we include both types of CompTIA questions: Performance-based questions and Multiple-choice questions. Performance-based Questions (PBQs): Access multiple PBQs which are designed to test a candidate's ability to solve problems in real-world settings. These are run as simulations for the Security+, so we provide you with interactive testing that closely resembles what you could expect to see on the exam. For example, we provide PBQs that are drag & drop and fill in the blank. Multiple-choice Questions: Access multiple-choice questions that cover a wide range of topics covered by the real exam. These questions and answers have been carefully crafted by Cybr to verify your knowledge of Domains 1 through 5, which include: Attacks, Threats, and Vulnerabilities; Architecture and Design; Implementation; Operations and Incident Response; Governance, Risk, and Compliance. Every single question in our practice exam was created by individuals who are CompTIA Security+ SY0-601 certified, which means that they have experienced the exam first-hand and passed it. We know what you're going to go through, so we want you to be as prepared as possible. We even include detailed explanations of the correct and incorrect answers. That way, you continue to learn as you take our practice exams, and you can identify focus points. The exam itself will never contain more than 90 questions but could have fewer, which is why our practice exams include a minimum of 80 questions up to 90 questions, as a combination of PBQs and Multiple Choice. Not Enrolled 42 Lessons Cross-Site Scripting (XSS): The Practical Guide Christophe Description: In this course, you will develop the skills you need to successfully perform and combat Cross-Site Scripting (XSS) attacks. XSS is one of the top 10 most dangerous and common web application attacks according to both OWASP and CWE. I've spent months creating and collecting the best resources on XSS to put them in this course so that you can learn Cross-Site Scripting in a fun, efficient, and practical manner. In order to truly understand how XSS works and how to defend against it, you have to learn hands-on by executing attacks against vulnerable applications and then looking at secure versions of the same code, and that's exactly what you'll do in this course. We start out by explaining the concepts of XSS and its 3 main types: Reflected, Stored (Persistent), and DOM-based. Then, we take a look at case studies of recent real-world XSS vulnerabilities in Facebook, Gmail, Twitter, Tesla, Airbnb, and TikTok. After that, we spin up a lab environment to perform all 3 types of attacks with both manual and automated approaches. We then set up, configure, and use a powerful browser exploitation framework called BeEF to deliver a payload that hooks unsuspecting browsers. From there, you can launch a number of different attacks using BeEF command modules (ie: scanning internal networks, defacing websites, compromising routers, and more). Next, we apply everything we've learned to pentest the OWASP Juice Shop starting with information gathering, and then exploiting all 3 types of XSS. Finally, we wrap up the course by discussing the most (and least) effective defensive controls, including rules, cheat sheets, and recommended code review techniques to properly defend your applications from this dangerous threat. If you're looking for a hands-on way to learn Cross-Site Scripting, this is your course! Testimonials: "I've got about 3 years in software security with about 23 years in information and DOD security. While I was familiar with XSS I always thought it was a unique and not so dangerous vulnerability. Your course showed me just how damaging XSS could be, and the various ways to assess and mitigate XSS vulnerabilities. I’ll be incorporating your tools and processes in the way I work with teams to evaluate their products." - Matthew H. "This course is great and I would recommend it to anyone trying to learn about web-pentesting or trying to pursue bug bounty as this course gives you a good basis on XSS with a lot of hands-on work." - Bludger Free 35 Lessons IAM Privilege Escalation Labs Christophe Learn first-hand how attackers exploit IAM misconfigurations in AWS with tactics pulled from real case studies. This course is entirely made up of 🧪 Hands-On Labs with different scenarios that will teach you how to exploit some of the most dangerous IAM privilege escalation weaknesses. The final section is made up of Challenges that will test your new skills and knowledge by providing vulnerable environments for you to capture the flag with limited information and hints. Good luck and have fun! Not Enrolled 45 Lessons Incident Response with CloudTrail and Athena Christophe End-to-end project where you will learn how to configure your AWS environment for Incident Response using recommended best practices. This course will show you how to deploy and use roles through IAM Identity Center, how to investigate incidents with CloudTrail Lake and Amazon Athena, and how to properly respond to two real-world incident scenarios: IAM credentials exposure to S3 backdoor and data exfiltration IAM credentials exposure to EC2 cryptomining Not Enrolled 61 Lessons The Practical Guide to sqlmap for SQL Injection Christophe Description: Learn how to use sqlmap in-depth for professional engagements like pentests or bug bounties. sqlmap is the most powerful and widely used SQL injection tool, and for good reason. It packs an impressive array of features and options specifically crafted to fingerprint, enumerate, and takeover databases as well as underlying systems. In this course, we take a look at all of that. We start by looking at the sqlmap project, including how the source code repository is structured, where to find important files such as configuration and payload files, and how to set up a home lab environment to safely and legally practice what we're learning. Then, we explore every single option that sqlmap offers with examples and explanations of how and when to use the option(s). We learn tips & tricks to see what sqlmap is doing under the hood and to troubleshoot when we come across issues. Once we've covered sqlmap's options and features, we tie it all together by running through scenarios. This is when we get to see how those options can be used together or on their own to achieve our pentest or bug bounty objectives. The course also includes sections dedicated to specific topics such as bypassing WAFs and evading security controls, and how to run sqlmap as an API. Get notified when we publish new courses