Browse the Full Catalog

This course provides an in-depth exploration of advanced threat modeling techniques. It covers essential tools like MITRE ATT&CK Navigator and Deciduous, and guides you through developing detailed threat models for complex environments. Learn to visualize attack paths and conduct thorough threat modeling workshops.

In this session recorded on July 31, 2024, we talk with Eric Sheesley, Head Global Security Architect at Sony Corporation of America, about the history and practical implementation of the MITRE ATT&CK Framework.

In this course, you will delve into the concept of the "kill chain" and explore some well-known cyber kill chains, including the Cyber Kill Chain (CKC), the MITRE ATT&CK framework, and the Unified Kill Chain (UKC).

In this hands-on lab, you will learn the basics of security ticketing, including the core components of a security ticket and how they can be resolved. You will practice navigating a security ticketing platform, and create, edit, and close tickets in that platform.

Phishing is one of the top techniques leveraged in breaches today, and adversaries use it to send malicious attachments to targeted users. PowerShell is a powerful scripting tool that adversaries can exploit to perform recon and run executables. You will detect these adversary techniques and discover ways to mitigate them.

Adversaries want to understand your environment and will use Remote System Discovery to do so. They can also leverage the same Remote Desktop Protocol (RDP) you'd use to access systems remotely. And, with the right credentials, they can move laterally through your system. Outwit them by detecting and blocking these techniques today.

Do you want to take your cyber threat intelligence skills to the next level so you can better protect your organization? Learn to leverage existing data sources, reduce false positives, and use models like the Cyber Kill Chain, and the MITRE ATT&CK framework to structure your analysis in this Advanced Cyber Threat Intelligence course.

This MITRE ATT&CK training is designed to teach students how to apply the matrix to help mitigate current threats. Students will move through the 12 core areas of the framework to develop a thorough understanding of various access ATT&CK vectors.

In order to achieve lateral movement, threat actors will use a valid account to access remote systems, such as the Windows Remote Management service. In this way, the threat actor can move around the network and search for valuable information or greater access. Learn more and get hands-on with this technique by detecting it in our virtual lab.

This IT Pro Challenge lab shows learners fundamental web application concepts and Microsoft Azure Resource group services. Learners will use the Microsoft Azure Portal and an existing Azure Resource Group to create an action group, add an email alert action and a webhook action for the action group, and create an alert rule.

This IT Pro Challenge lab shows learners fundamental web application concepts and Microsoft Azure Resource group services. Learners will use the Microsoft Azure Portal and an existing Azure Resource Group to create an action group, add an email alert action and a webhook action for the action group, and create an alert rule.

This Autoscale, a Web App IT Pro Challenge, helps learners understand the concepts of autoscaling, how to configure autoscaling for a web app that needs to scale up over the weekend, and test that the autoscaling worked as intended.

Deploy a Web Job Guided IT Pro Challenge from Learn on Demand challenges students to provision, deploy, and test an Azure web task. The web task will be deployed to an existing web application. This requires learning the Microsoft Azure Resource group services as well as fundamental web application concepts.

This IT Pro Challenge virtual lab teaches learners to set up an Azure Portal web app for continuous release through creating deployment slots and enabling GIT. Learners pursuing careers in Software Programming, System Administration, Cybersecurity, and Quality Testing, benefit from managing cloud development environments in this lab.

This IT Pro Challenge virtual lab teaches learners how to use recovery services vault. Learners will gain experience using services vault, backup policy to enable virtual machine backup. Skills learned in this lab are valuable in multiple job roles such as System administrator and Azure administrators in IT.

This IT Pro Challenges virtual lab teaches learners fundamental Azure Storage Account skills to create, deploy to, and upload to a storage account. Also, participants take and manage image snapshots. This hands-on experience benefits business and technical people in using the Azure cloud successfully to keep and backup files.

In this hands-on lab, learners are introduced to the skills required to secure the Azure SQL. Exercises in this lab teach users how to enable dynamic data masking using a logical server and query editor while learning the Azure concepts. The topics covered in this lab are crucial for learners to be effective in Azure administrator roles in IT.

This Configure Geo-Replication for your Database IT Pro Challenge virtual lab shows learners how to create a new Azure SQL Database, enable it for Geo-Replication, and test it for failover. The skills that learners acquire in this challenge are valuable to database administrators in the IT or cybersecurity fields.

In this hands-on challenge, you will practice navigating Windows and Linux file systems.

In this month's Cybrary challenge, you will be exploring the inner workings of automobiles by analyzing a CAN Bus dump file. The Controller Area Network (CAN bus) is the black box for vehicles, recording every action taken.

In this month's Cybrary challenge, you will be exploring the inner workings of automobiles by analyzing a CAN Bus dump file. The Controller Area Network (CAN bus) is the black box for vehicles, recording every action taken.

In this hands-on challenge, you will practice your Python scripting skills by finishing a partially-complete script.

In this hands-on challenge, you will practice decrypting encryption keys using SSL. For this challenge, you are encouraged to apply your knowledge of BASH to expedite the process with a script.

‍

In this hands-on challenge, you practice configuring rules for an iptables firewall.

‍

In this hands-on challenge, you will practice configuring access control lists for a series of folders.

‍

In this hands-on challenge, you will practice troubleshooting issues in a simulated network using GNS3.

In this hands-on challenge, you will have the opportunity to put your Wireshark skills to the test.

‍

CVE-2024-21626 is a severe vulnerability affecting all versions of runc up to 1.1.11, a critical component utilized by Docker and other containerization technologies like Kubernetes. This vulnerability enables an attacker to escape from a container to the underlying host operating system. Put on your red team hat to exploit this vulnerability.

CVE-2024-4040 is a critical vulnerability in CrushFTP, a Java-based robust file server. Rated with a CVSS score of 10, this flaw permits remote, unauthorized attackers to circumvent authentication mechanisms, thereby gaining remote code execution (or RCE). In this course you’ll explore, exploit, and remediate this CVE.

CVE-2024-23334 is a high severity vulnerability found in the aiohttp Python library, a popular asynchronous HTTP client/server framework. By the end of this course you will be able to execute a directory traversal attack using aiohttp's vulnerable configuration and then perform remediation steps to fix the vulnerability.

CVE-2024-27348 is a critical vulnerability in Apache HugeGraph, a graph database designed for large-scale data management. With a CVSS score of 9.8, attackers can exploit this flaw by sending crafted payloads to execute arbitrary commands, potentially leading to a full system compromise.

CVE-2024-23897 is a critical security flaw affecting Jenkins, a Java-based open-source automation server widely used for application building, testing, and deployment. It allows unauthorized access to files through the Jenkins integrated command line interface (CLI), potentially leading to remote code execution (RCE).

CVE-2023-27524 is a critical vulnerability in Apache Superset, affecting versions up to 2.0.1. It enables attackers to bypass authentication by exploiting weak or default SECRET_KEY values. Attackers can forge session cookies to gain admin access, leading to potential remote code execution and unauthorized data access.

‍

Confluence suffers from a Broken Access Control vulnerability that affects Data Center and Server versions 8.0.0 to 8.3.2, 8.4.0 to 8.4.2, and 8.5.0 to 8.5.1. Threat actors exploit this vulnerability to obtain administrator access to Confluence servers. Put on your Red Team hat to create your own malicious admin account leveraging this CVE!