Browse the Full Catalog
Cybrary has the fastest growing, fastest moving catalog - We publish new content weekly! Learn at your own pace - with flexible learning, you can build your skills whenever, wherever.
The content and tools you need to build real-world skills
Rapidly develop your skills via an integrated, and engaging learning
experience on the Cybrary platform.
On-Demand Video Training
Expert instructed from industry leaders
Virtual Labs
Hands on experience to apply and reinforce newly learned skills
Practice Exams
Prepare for industry certifications
Assessments
Gauge your skill development and see real-time progress
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
AZ-104 Microsoft Azure Administrator
Looking to enhance your experience with Azure administrative cloud technologies and solutions? This Microsoft Azure AZ-104 Certification training course will help you pass the exam and confidently administer basic Azure solutions such as web servers, networking solutions, storage solutions and cloud environment monitoring.
AWS Certified Solutions Architect Associate (SAA-C03)
Ready to design and implement distributed systems on AWS? This AWS Solutions Architect Associate training course will prepare you to pass the associate-level certification exam. Gain hands-on experience with configuring AWS secure architecture, creating a custom VPC, and more.
CompTIA Network+ (N10-008)
Eager to learn basic networking concepts and pass the CompTIA Network+ (N10-008) exam? Cybrary’s Network+ training course provides you with the knowledge to prepare for the exam and perform entry-level networking tasks such as troubleshooting, routing, and intrusion detection.
AWS Certified Cloud Practitioner
Learn the foundational principles of Amazon Web Services (AWS), the world’s most comprehensive and broadly adopted cloud platform. This AWS Cloud Practitioner training not only gives you a solid understanding of how to implement AWS cloud solutions but also prepares you to pass the current related certification exam.
HCISPP
As our healthcare industry grows, so do the risks associated with keeping health information secure. The HCISPP certification is ideal for security professionals responsible for safeguarding protected health information (PHI). Take this HCISPP training course to prepare to manage and implement security controls for healthcare information.
Microsoft 365 Security Administration (MS-500)
Are you a system administrator who wants to get a certification that is globally recognized and shows your commitment to staying current with Microsoft technologies and security best practices? Take this MS-500 training course and prepare to slay the exam with the knowledge and skills employers are looking for.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
CompTIA
Cyber Defense Analyst
Career Path
Entry Popular
Practitioner Popular
Become a SOC Analyst - Level 1
A Security Operations Center Analyst (SOC Analyst) stands as a front line of defense against the ever present cyber threats faced by organizations today. A SOC team ensures an organization’s digital assets remain secure and protected from unauthorized access by monitoring and responding to massive amounts of data in record time. In this role, you will protect your organization’s infrastructure by monitoring data to identify suspicious activity, then mitigating risks before a breach occurs. Cybrary's Become a SOC Analyst - Level 1 career path will equip you to break into the field with skills aligned to the US National Institute of Standards and Technology's Cyber Defense Analyst NICE work role.
Leadership and Management
Manager Popular
Leadership and Management
Manager Popular
Career Path
Entry Popular
Foundations
IT Foundations
Learn the foundational IT concepts essential to all cybersecurity roles, and stop wasting time trying to figure out where to get started. Too many beginners get discouraged navigating unreliable, outdated, and irrelevant information, making it feel impossible to know how to move forward. That’s why we’ve curated this IT foundations course, featuring thoughtful, bite-sized content from expert instructors who have helped thousands of other beginners grasp essential IT topics. Get ready to take your first steps into cybersecurity by diving into core IT concepts needed for any cybersecurity role.
Career Path
Entry Popular
Foundations
Cybersecurity Foundations
Get everything you need to start your cybersecurity career journey, and stop wasting your time (and money) sorting through unreliable information from questionable sources. While the industry offers very lucrative career opportunities, finding accurate, relevant information to break into the field can be incredibly frustrating. That’s why we’ve crafted this foundational course, with curated content from expert instructors covering core concepts found across all cybersecurity roles. Build practical skills and gain confidence as you begin your cybersecurity journey.
CompTIA A+
CompTIA Linux+
Microsoft 365 Fundamentals (MS-900)
CompTIA
Microsoft
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
CIS Critical Security Control 6: Access Control Management
Welcome to our course series on CIS Top 18 Critical Security Controls v8. In this course covering control 6: Access Control Management, you'll demonstrate how to enable Multifactor Authentication (MFA) on a Linux server and define role-based access controls.
Lateral Movement: Remote Desktop Protocol (RDP)
T1021.001 is a comprehensive course that delves into the realm of lateral movement and remote services, with a particular emphasis on Remote Desktop Protocol (RDP). This course aims to equip students with a thorough understanding of RDP, its implementation, and the potential security implications of its use.
Valid Accounts: Local Accounts
Threat actors often leverage valid accounts to gain unauthorized access to target systems and networks. T1078.003 is a focused course designed to provide participants with a deep understanding of local accounts and their exploitation to further the objectives of an adversary in a cyber operation.
Protocol Tunneling
Maintaining privacy and security has become increasingly vital for both individuals and organizations. T1572/T1573 is a comprehensive, hands-on course designed to equip participants with in-depth knowledge of protocol tunneling and encrypted channels - two critical techniques for secure and covert communication.
Exfiltration Over Alternative Protocol: Asymmetric Encrypted Non-C2 Protocol
Threat actors often leverage valid accounts to gain unauthorized access to target systems and networks. T1078.003 is a focused course designed to provide participants with a deep understanding of local accounts and their exploitation to further the objectives of an adversary in a cyber operation.
CIS Critical Security Control 3: Data Protection
Welcome to our course series on CIS Top 18 Critical Security Controls v8. In this course covering control 3: Data Protection, you'll practice configuring data access control lists. Plus, learn how to deploy a data loss prevention solution and encrypt data on both end-user devices and removable media.
CompTIA Security+ (SY0-601)
Ready to start your cybersecurity journey? The CompTIA Security+ SYO-601 credential is one of the most essential certifications in the world of information security today. Learn about essential introductory security and risk management concepts from world-famous cybersecurity instructor, Kelly Handerhan.
AZ-104 Microsoft Azure Administrator
Looking to enhance your experience with Azure administrative cloud technologies and solutions? This Microsoft Azure AZ-104 Certification training course will help you pass the exam and confidently administer basic Azure solutions such as web servers, networking solutions, storage solutions and cloud environment monitoring.
Cybrary Challenges
Cybrary Challenge: Motor Mayhem
In this challenge, you will take on a CAN Bus challenge by analyzing a CAN Bus dump file. The Controller Area Network (CAN bus) is a message-based protocol found in the automobiles that we use today. Every action of the car is recorded into this dump file. This allows us to read vehicle operations such as turn signals and other vehicle operations.
Cybrary Challenges
Cybrary Challenges
Challenge: Memory Mysteries
In this challenge, you will take on a memory forensics challenge by analyzing a dump file. Memory forensics is an important piece of evidence when conducting a forensics investigation. Unique insights such as network connections and injected processes can be found through memory analysis.
Cybrary Challenges
Cybrary Challenges
Cybrary Challenges
Cybrary Challenges
Challenge: Between Two Numbers
In this challenge, you will take on a reverse engineering challenge by analyzing a binary file. Malicious attackers will always use malware or custom binary files to execute their goals. The goal is to show from an analyst point of view (POV) how to do basic file analysis.
Cybrary Challenges
Challenge: Saving A Fellow Spy
You will take on a cryptography challenge in this challenge by decrypting intercepted encrypted messages. Malicious attackers use cryptography to their advantage for attacks and remaining undetected. The goal is to show how attackers can effortlessly embed data within messages to hide their activity.
Cybrary Challenges
Challenge: Space Mission
In this challenge, you will take on a cryptography challenge by decrypting intercepted encrypted messages. Malicious attackers use cryptography to their advantage for attacks and remaining undetected. The goal is to show how attackers can effortlessly embed data within messages to hide their activity.
Cybrary Challenges
Challenge: A Message Within A Message
In this challenge, you will take on a cryptography challenge by decrypting intercepted encrypted messages. Malicious attackers use cryptography to their advantage for attacks and remaining undetected. The goal is to show how attackers can effortlessly embed data within messages to hide their activity.
Cybrary Challenges
Challenge: Don't Believe What You Hear
In this challenge, you will take on a Steganography challenge identifying embedded data within an audio file. Malicious attackers use Steganography for attacks such as macro-enabled Word documents, to conceal covert communication, and more. The goal is to show how attackers can effortlessly embed data within files to hide their activity.
Cybrary Challenges
Challenge: Chatting with ChatGPT
In this challenge, we will take a different approach and dive into the world of AI technology. By completing this challenge, you will learn more about ChatGPT, how it works, its capabilities, and its limitations. As cybersecurity professionals, it is essential to adapt to the ever-changing technology and security landscape.
Cybrary Challenges
Challenge: Saving a Fellow Monster
In this challenge, you will take on a Steganography challenge identifying embedded data within an image. Malicious attackers use Steganography for attacks such as macro-enabled Word documents, to conceal covert communication, and more. The goal is to show how attackers can effortlessly embed data within files to hide their activity.
Cybrary Challenges
Challenge: Gobble Gobble Conceal & Deceive
In this challenge, you will take on a Steganography challenge identifying embedded data within an image. Malicious attackers use Steganography for attacks such as macro-enabled Word documents, to conceal covert communication, and more. The goal is to show how attackers can effortlessly embed data within files to hide their activity.
Cybrary Challenges
Cybrary Challenges
Cybrary Challenges
Challenge: For the Rebellion or the Empire
This challenge will have you analyze traditional Registry artifacts to identify unauthorized activity. The goal is to see from a blue teamer's point of view the actions an unauthorized user may take on a victim's system when there are inadequate security controls in place.
Cybrary Challenges
Challenge: Update B4 It's 2Late
National Cybersecurity Awareness Month has four themes; the last being 'Update Your Software.' This challenge will have you analyze a log and identify a web application attack. The goal is to piece together the narrative from the suspicious requests and understand how attacks like these can happen when you do not update your software.
Cybrary Challenges
Challenge: MFA ... All Day Every Day
National Cybersecurity Awareness Month has several themes, one of which is Multi-Factor Authentication (MFA). This MFA challenge will have you analyze a log and identify the potential MFA attack. The goal is to review suspicious requests and identify how MFA can be attacked in real-world use cases.
Cybrary Challenges
Challenge: Password123
National Cybersecurity Awareness Month has several themes, one of which is Password Complexity Awareness. This password challenge will have you analyze a password and validate if it is secure. The goal is to attempt to crack a password and gain hands-on skills to evaluate the importance of password complexity for real-world use cases.
Cybrary Challenges
Challenge: Teach a Person to Phish
National Cybersecurity Awareness Month has several themes, one of which is Phishing Awareness. This phishing challenge will have you analyze a real phish caught in the wild! The goal is to identify exactly why it was flagged as a phish and gain hands-on skills to validate a suspicious email!
Cybrary Challenges
Challenge: Episode II - Attack of the Encoders
Adversaries commonly use encoding, encryption, and hashing to obscure their scripts and attacks. As a CTF player, you will need to analyze alerts and uncover the true nature of a suspicious string embedded in a file. Can you help figure out what it’s trying to say?
Cybrary Challenges
Cybrary Challenges
Challenge: The Base(64)ics
Threat actors commonly use legitimate tools in nefarious ways. As a CTF player, you’ll need to find creative ways to uncover these types of tactics. While evaluating a recent alert in your EDR, you’ve come across a weird string at the end of a powershell command. Can you help figure out what it’s trying to say?
Cybrary Challenges
Challenge: Spiny Shell
You receive an alert about a suspicious command execution on a Windows endpoint. Early analysis suggests PowerShell has not locked down appropriately. Can you validate if anything malicious is underway? Now that you have some basic information discovered, dive deeper into the suspicious command to identify the attacker's infrastructure and setup!
CVE Series
CVE Series: WinRar Vulnerability (CVE-2023-38831)
WinRAR, a popular 1990s file archiver still used by 500 millions users worldwide, suffers from a high severity Remote Code Execution (RCE) vulnerability. In this course you’ll be putting on your Red Team hat to create your own malicious file and gain control of the victim’s computer by leveraging this CVE!
CVE Series
CVE Series: Openfire (CVE-2023-32315)
If you're a cybersecurity practitioner who wants to know more about how to exploit and defend against CVE-2023-32315 (Openfire Path Traversal to RCE), you won't want to miss this course. You will identify the vulnerability, exploit it, and mitigate it in a hands-on, secure lab environment. Don't let Openfire catch you off guard.
CVE Series
CVE Series: Dirty Pipe (CVE-2022-0847)
Dirty Pipe (CVE-2022-0847) is the most critical vulnerability to impact Linux distributions in years. By exploiting this local kernel flaw, adversaries can quickly escalate privileges and even gain root access. Exploit and mitigate this vulnerability in this hands-on course that gives you the skills you need to protect your organization.
CVE Series
CVE Series: noPac (CVE-2021-42278 and CVE-2021-42287)
Ready to defend your organization against the critical noPac double vulnerability (CVE-2021-42278 and CVE-2021-42287) that can lead to advanced privilege escalation on Windows systems? Get ahead of the curve in this hands-on course that allows you to both exploit and mitigate this vulnerability with potentially significant, far-reaching impacts.
CVE Series
CVE Series: Polkit (CVE-2021-4034)
The Polkit vulnerability (CVE-2021-4034) is a critical vulnerability impacting every major Linux distribution. Its attack vector allows privilege escalation and can even give the attacker root access. Exploit and mitigate this vulnerability in this hands-on course that gives you the skills you need to protect your organization.
CVE Series
CVE Series: Log4J (CVE-2021-44228)
The Log4J vulnerability (CVE-2021-44228) took the world by storm in late 2021. Do you have what it takes to exploit and mitigate this critical vulnerability that experts say had the biggest global impact since Shellshock? Find out in this course, where you'll put your defensive and pen testing skills to the ultimate test in a virtual lab.
CVE Series
CVE Series: InstallerFileTakeOver (CVE-2021-41379)
InstallerFileTakeOver (CVE-2021-36934) is a Windows elevation of privilege vulnerability that emerged in late 2021 and could allow a threat actor to acquire elevated SYSTEM-level access. You will exploit this vulnerability in a virtual lab environment and learn how to mitigate it so you can protect your organization.
CVE Series
CVE Series: MSHTML Vulnerability (CVE-2021-40444)
The MSHTML Windows remote code execution vulnerability (CVE-2021-40444) identified in September 2021 could allow a threat actor to execute code on a victim’s machine. In this advanced course, you will exploit and mitigate this vulnerability in a secure lab environment, giving you the skills you need to protect your organization.
CVE Series
CVE Series: HiveNightmare (CVE-2021-36934)
HiveNightmare (CVE-2021-36934) is a serious vulnerability that gives threat actors access to sensitive data in the Windows Registry. Don't get stung by HiveNightmare. Get hands-on experience mitigating and exploiting this vulnerability in a secure lab environment by taking this course today.
CVE Series
CVE Series: PrintNightmare (CVE-2021-1675 and CVE-2021-34527)
PrintNightmare (CVE-2021-1675 and CVE-2021-34527) is a critical vulnerability in the Windows Print Spooler service running on almost every Windows operating system. Dive into a hands-on lab and course where you will exploit and mitigate the vulnerability. Don't get caught unaware by PrintNightmare.
CVE Series
CVE Series: Ghostcat (CVE-2020-1938)
If you're a cybersecurity practitioner who wants to know more about how to exploit and defend against Ghostcat (CVE-2020-1938), the you won't want to miss this course. You will identify the vulnerability, exploit it, and even mitigate it in a hands-on, secure lab environment. Don't let Ghostcat catch you off guard.
CVE Series
CVE Series: F5 BIG-IP (CVE-2022-1388)
The BIG-IP iControl REST vulnerability (CVE-2022-1388) is a critical flaw that allows unauthenticated attackers to execute system root-level commands remotely. This vulnerability was given a CVSS score of 9.8 due to how easy it is to exploit and the level of access it grants attackers. Learn how to exploit and mitigate this vulnerability today!
CVE Series
CVE Series
CVE Series: Atlassian Bitbucket Command Injection (CVE-2022-36804)
The Atlassian Bitbucket command injection flaw (CVE-2022-36804) is a remote, unauthenticated, command injection vulnerability affecting application programming interface (API) endpoints in Bitbucket Server and Data Center. Stop an attacker from stealing sensitive information or installing malware as you exploit and mitigate this vulnerability!
CVE Series
CVE Series: Grafana Directory Traversal (CVE-2021-43798)
The Grafana Directory Traversal vulnerability (CVE-2021-43798) is a critical arbitrary file reading vulnerability impacting global Grafana servers and has been exploited in the wild. Take this course to learn how to exploit and mitigate this vulnerability!
CVE Series
CVE Series: Blind NoSQL Injection (CVE-2021-22911)
The Blind NoSQL Injection vulnerability (CVE-2021-22911) is a critical flaw impacting Rocket.Chat servers across the globe and has been known to be exploited in the wild. Stop an adversary from potentially executing commands on a victim system by learning how to exploit and mitigate this vulnerability!
CVE Series
CVE Series: Apache HTTPD (CVE-2021-42013)
The Apache HTTPD vulnerability (CVE-2021-42013) is a critical flaw impacting servers across the globe. This vulnerability gives an attacker the ability to enumerate a system and execute commands on the victim system if exploited. Exploit and mitigate the vulnerability in a secure lab environment!
CVE Series
CVE Series: Apache Spark (CVE-2022-33891)
Apache Spark is the biggest open-source project used for large-scale data processing and machine learning. Companies love it for its fast speed and ease of use. But a security flaw allows an adversary to just add a shell command to the URI to perform an arbitrary shell command execution. Exploit this flaw today using two attack vectors!
CVE Series
CVE Series: Django (CVE-2022-34265)
Django is a Python-based web framework design for fast, easy application creation. Popular apps like Instagram and Clubhouse use Django, but are you prepared to exploit and mitigate the high-risk Django flaw (CVE-2022-34265) that leaves applications vulnerable to SQL injection attacks? Put your pentest skills to the test in our course!
CVE Series
CVE Series: Follina (CVE-2022-30190)
The Follina exploit (CVE-2022-30190) is a Windows Remote Code Execution (RCE) vulnerability that could allow a threat actor to acquire an initial level of access after a successful phishing attack. Take our course to gain the skills you need to identify the vulnerability, detect it, and mitigate it (with current best knowledge).
CVE Series
CVE Series: Confluence RCE (CVE-2022-26134)
CVE-2022-26134 is an Object-Graph Navigation Language (OGNL) injection flaw impacting Atlassian Confluence & Data Center software. Leveraging this remote code injection (RCE) flaw, adversaries can execute arbitrary code on a server. Atlassian tools are popular with more remote work, so mitigation is key. Exploit, detect, & mitigate this flaw!
CVE Series
CVE Series: OpenSSL Infinite Loop (CVE-2022-0778)
The OpenSSL infinite loop vulnerability (CVE-2022-0778) is a critical flaw impacting systems running OpenSSL versions 1.0.2, 1.1.1 and 3.0. If exploited, this vulnerability allows adversaries to perform a denial-of-service (DOS) attack. Take our course to exploit this vulnerability in a secure lab environment.
CVE Series
CVE Series: Redis (CVE-2022-0543)
The Redis vulnerability (CVE-2022-0543) is a critical flaw impacting Linux systems across the globe. By exploiting this vulnerability, any user can remotely execute commands as a root user on a system. Take our course to exploit and mitigate the vulnerability in a secure lab environment, giving you the skills you need to protect your organization.
CVE Series
CVE Series: Spring4Shell (CVE-2022-22965)
Spring4Shell (CVE-2022-22965) is a critical Remote Code Execution (RCE) vulnerability affecting Spring, a common application framework library used by Java developers. You will exploit and mitigate this vulnerability in a virtual lab, giving you the skills you need to “Spring” into action and protect your organization!
Threat Actor Campaigns
Royal Ransomware Group
Royal is a spin-off group of Conti, which first emerged in January of 2022. The group consists of veterans of the ransomware industry and brings more advanced capabilities and TTPs against their victims. Begin this campaign to learn how to detect and protect against this newer APT group!
Threat Actor Campaigns
Threat Actor Campaigns
Raspberry Robin
Raspberry Robin is a malware family that continues to be manipulated by several different threat groups for their purposes. These threat actors (Clop, LockBit, and Evil Corp) specialize in establishing persistence on a compromised host and creating remote connections to use later. Once established, these C2 connections can be used for multiple purposes, including data exfiltration, espionage, and even further exploitation.
Threat Actor Campaigns
Double Trouble with Double Dragon
Advanced Persistent Threats (APTs) conduct state-sponsored cyberattacks that can radically disrupt global business operations. Launch this campaign to start detecting sophisticated techniques leveraged by APT41, known as "Double Dragon" because they cause double trouble with both espionage and financially-motivated attacks!
Threat Actor Campaigns
Weak Link in the Supply Chain
Threat actors known as Advanced Persistent Threats (APTs) conduct highly sophisticated attacks sponsored by nation-states. They maintain a committment to stealth and often use custom malware. This campaign emulates a supply chain attack by APT29 that is similar to the SolarWinds compromise and it has the end goal of stealing sensitive information.
Threat Actor Campaigns
Spinning a Web Shell for Initial Access
Certain threat actors specialize in targeting vulnerable web servers and gain initial access by exploiting public-facing applications. Then they act as access brokers for ransomware gangs. Such campaigns highlight the need to protect against known vulnerabilities. Understanding these techniques is key to protecting your organization.
Threat Actor Campaigns
Exfiltration and Extortion
Threat actors will use stolen data exfiltrated from victim systems to extort organizations. Once they gain a foothold, they delete critical system files and threaten to release the data or disrupt operations if the victims do not pay up. Understanding these techniques is vital to defending your organization from such attacks.
Threat Actor Campaigns
Ransomware for Financial Gain
Threat actors continue to leverage ransomware to extort victim organizations. What was once a simple scheme to encrypt target data has expanded to include data disclosure and targeting a victim’s clients or suppliers. Understanding the techniques threat actors use in these attacks is vital to having an effective detection and mitigation strategy.
Instructors
Industry Seasoned. Cybrary Trained. Our instructors are current industry professionals trained by Cybrary to ensure consistency in quality and content.