Monday Mix: New this week Threat Actor Campaigns and OWASP Top 10

Hi Cybrary fans!

April cyber kill chains bring May ransomware course campaigns. 🥷

We're kicking off a new month with cutting-edge courseware, labs, and podcasts designed to keep you informed and ready to defend your organization against critical cyberattacks!

New Courses:

Calling all blue teamers, red teamers, and everyone in between! Did you know that the financial industry saw a 1,318% increase in ransomware attacks in just the first half of 2021? If ransomware were a country, then notorious financially-motivated threat actor groups like FIN7 would make up the third richest country in the world. As crafty adversaries leverage key techniques to rob our crucial financial and hospitality businesses from millions of dollars worth of data, capital, and productivity hours, now is the time to level up your skills so you can beat them at their own game.

*Stop adversaries in their tracks before they can ever leave a ransom note!*

Here's how you can join the fight against ransomware. We have an exciting new course training series to debut! Aligned to adversary techniques and mitigation strategies within the MITRE ATT&CK framework, our expert-curated threat actor campaigns will give you the hands-on experience you need to enhance your detection methods.

Enroll now in our new Ransomware for Financial Gain campaign to start your threat-informed defense training today. See the full list of courses here, where you can learn to emulate, detect, and mitigate a new adversary technique in an hour:

• Spearphishing Attachment and PowerShell
• Application Shimming and Data from Local System
• Kerberoasting and Domain Accounts
• Match Legitimate Name or Location and Data Encrypted for Impact
• Remote System Discovery and Remote Desktop Protocol
• Non-Standard Port
• Exfiltration to Cloud Storage

New Hands-on Labs

Check out our 8 new Skillable labs, which provide you with network analysis, vulnerability scanning, and Identity and Access Management (IAM) training.

• Manage Users and Roles
• Perform Network Sniffing
• Perform Web Server Vulnerability Scans
• Prepare the NSX Infrastructure
• Use Linux Tools and Commands
• Use Operating System Tools and Features
• Use SSH for Remote Access
• Utilize Network Analysis Tools

The Cybrary Podcast

The Open Web Application Security Project (OWASP) provides a gold standard to global security professionals seeking to identify, exploit, and remediate the most common, critical web app vulnerabilities. Cybrary’s unofficial Hacker in Chief and legendary instructor, Clint Kehr, breaks down what’s new in the 2021 update to the OWASP Top 10 list. Learn how Clint and the CyDefe team worked to bring you custom lab exercises that challenge you to think like a pen tester.

Counting Down the OWASP Top 10 List with Clint Kehr | The Cybrary Podcast Ep. 82

Cybrary's OWASP content is up to date and better than ever! Eager to start exploiting these web app vulnerabilities? Enroll now in all 10 of our OWASP Top 10 courses:

• A01:2021 - Broken Access Control
• A02:2021 - Cryptographic Failures
• A03:2021 - Injection
• A04:2021 - Insecure Design
• A05:2021 - Security Misconfiguration
• A06:2021 - Vulnerable and Outdated Components
• A07:2021 - Identification and Authentication Failures
• A08:2021 - Software and Data Integrity Failures
• A09:2021 - Security Logging and Monitoring Failures
• A10:2021 - Server-Side Request Forgery (SSRF)

Coming Soon

The countdown is on for the release of the next CVE Series course on the Redis vulnerability (CVE-2022-0543). Don’t let adversaries take advantage of this Lua sandbox escape flaw to start executing any of their desired commands on your system. Bookmark and sign up for updates on the course to be notified as soon as it's ready for you! CVE Series: Redis (CVE-2022-0543)

Happy learning!