Cybr Courses

AWS Certified Security Specialty Course (Christophe, 196 lessons, free)

Let's get AWS Security Specialty Certified! Video lessons are accessible to all for free, and Hands-On Labs, Quizzes, and Practice Exams will be available to Cybr Premium Members. This course is in active development for the SCS-C03 and new content is made available weekly. Since this is a large course, it will take a while to finish and we do not currently have an end date. In the meantime, check out our free study groups.

AWS IAM Privilege Escalation Labs (Christophe, 36 lessons, free)

Learn first-hand how attackers exploit IAM misconfigurations in AWS with tactics pulled from real case studies. This course is entirely made up of 🧪 Hands-On Labs with different scenarios that will teach you how to exploit some of the most dangerous IAM privilege escalation weaknesses. The final section is made up of Challenges that will test your new skills and knowledge by providing vulnerable environments for you to capture the flag with limited information and hints. Good luck and have fun!

CompTIA Security+ SY0-701 Course (Christophe, 412 lessons)

Get ready to pass the CompTIA Security+ SY0-701 with our in-depth, comprehensive, and high-quality course (including 4k videos and full transcripts). Whether you are new to IT or you already have experience, my course is designed to help you learn all of the topics you need.

The CompTIA Security+ certification is one of the most well-known cybersecurity certifications. It can not only provide you with more job opportunities, but it also provides you with a learning path of important cybersecurity topics you need to understand in order to have a successful career in this space. In fact, certain jobs require that you have at least one IT certification, and the Security+ can often qualify as one of those certifications.

On top of the training you receive, you get access to Cybr’s Discord community where you can meet others who are actively studying for the Security+ or who have passed it and can provide you with tips and tricks. With an increasing demand for cybersecurity jobs, getting started with this course is a no-brainer. Let’s get started, and let’s take your career to the next level! I’ll see you in the course!

CompTIA Security+ SY0-701 Practice Exams (Christophe, 3 lessons)

Practice for the real CompTIA Security+ SY0-701 certification exam with our realistic practice exams. Our exams closely resemble the real exam to provide you with the type of questions and answers that you can expect to see on the exam itself.

Container Security with Kubernetes & GitLab CI/CD (Chad, 43 lessons)

In this hands-on course, learn how to use Kubernetes with GitLab CI/CD, and learn key concepts of container security. You will learn about:

- How to install GitLab server and Kubernetes on AWS EC2
- Container security concepts
- Kubernetes fundamentals
- GitLab & Kubernetes security concepts
- Securing container images
- Securing Kubernetes Microservices
- Monitoring and logging for container security
- Compliance and governance
- Supply chain security (SCS)
- and more

Please note: All video lessons and text lessons/notes have been added, but not all 1-click deploy hands-on labs are available yet. You can still complete this course in its entirety if you plan on using your own environment.

Cross-Site Scripting (XSS): The Practical Guide (Christophe, 38 lessons)

Description: In this course, you will develop the skills you need to successfully perform and combat Cross-Site Scripting (XSS) attacks. XSS is one of the top 10 most dangerous and common web application attacks according to both OWASP and CWE. I've spent months creating and collecting the best resources on XSS to put them in this course so that you can learn Cross-Site Scripting in a fun, efficient, and practical manner.

In order to truly understand how XSS works and how to defend against it, you have to learn hands-on by executing attacks against vulnerable applications and then looking at secure versions of the same code, and that's exactly what you'll do in this course.

We start out by explaining the concepts of XSS and its 3 main types: Reflected, Stored (Persistent), and DOM-based. Then, we take a look at case studies of recent real-world XSS vulnerabilities in Facebook, Gmail, Twitter, Tesla, Airbnb, and TikTok. After that, we spin up a lab environment to perform all 3 types of attacks with both manual and automated approaches.

We then set up, configure, and use a powerful browser exploitation framework called BeEF to deliver a payload that hooks unsuspecting browsers. From there, you can launch a number of different attacks using BeEF command modules (i.e., scanning internal networks, defacing websites, compromising routers, and more).

Next, we apply everything we've learned to pentest the OWASP Juice Shop starting with information gathering, and then exploiting all 3 types of XSS. Finally, we wrap up the course by discussing the most (and least) effective defensive controls, including rules, cheat sheets, and recommended code review techniques to properly defend your applications from this dangerous threat.

If you're looking for a hands-on way to learn Cross-Site Scripting, this is your course!

Testimonials:

"I've got about 3 years in software security with about 23 years in information and DOD security. While I was familiar with XSS I always thought it was a unique and not so dangerous vulnerability. Your course showed me just how damaging XSS could be, and the various ways to assess and mitigate XSS vulnerabilities. I’ll be incorporating your tools and processes in the way I work with teams to evaluate their products." - Matthew H.

"This course is great and I would recommend it to anyone trying to learn about web-pentesting or trying to pursue bug bounty as this course gives you a good basis on XSS with a lot of hands-on work." - Bludger

Incident Response with CloudTrail and Athena (Christophe, 50 lessons)

Learn how to effectively respond to incidents in your AWS accounts regardless of whether you are running a single or multi-account setup using CloudTrail Lake and Athena — two native AWS services.

This Incident Response (IR) course simulates attacks against your AWS environments that have been seen in the real world. After simulating attacks, you’ll put on your security analyst hat to respond to the incident. You will then learn how to follow IR playbooks from AWS and eventually even create your own by following NIST’s 4 phases:

- Preparation
- Detection and Analysis
- Containment, Eradication, and Recovery
- Post-Incident Activity

You’ll learn how to gather information to understand what’s going on and what resources are involved, and how to properly contain the affected resources. You will then take steps to eradicate the threat, recover (and harden) your configurations, and put together a report that you can turn into an updated playbook specific to your environments and use cases.

The attack scenarios and end-to-end projects include:

- IAM credentials exposure to S3 backdoor and data exfiltration
- IAM credentials exposure to EC2 cryptomining

The final section of the course then shows you how to take what you’ve learned and apply it to multi-account setups with centralized CloudTrail logging in a Log Archive account, and centralized IR querying with CloudTrail Lake in a Security Tooling account.

Terraform on AWS: From Zero to Cloud Infrastructure (Tyler Petty, 33 lessons)

In this hands-on course, you’ll learn how to use Terraform to securely deploy resources on AWS using Infrastructure as Code (IaC). Guided by instructors with experience running Terraform in production, we’ll take you step-by-step from zero prior Terraform knowledge to confidently writing infrastructure as code and deploying production-ready AWS resources securely.

The Practical Guide to sqlmap for SQL Injection (Christophe, 61 lessons)

Description: Learn how to use sqlmap in-depth for professional engagements like pentests or bug bounties. sqlmap is the most powerful and widely used SQL injection tool, and for good reason. It packs an impressive array of features and options specifically crafted to fingerprint, enumerate, and take over databases as well as underlying systems. In this course, we take a look at all of that.

We start by looking at the sqlmap project, including how the source code repository is structured, where to find important files such as configuration and payload files, and how to set up a home lab environment to safely and legally practice what we're learning. Then, we explore every single option that sqlmap offers with examples and explanations of how and when to use the option(s). We learn tips & tricks to see what sqlmap is doing under the hood and to troubleshoot when we come across issues.

Once we've covered sqlmap's options and features, we tie it all together by running through scenarios. This is when we get to see how those options can be used together or on their own to achieve our pentest or bug bounty objectives. The course also includes sections dedicated to specific topics such as bypassing WAFs and evading security controls, and how to run sqlmap as an API.