Browse the Full Catalog

In this brief course, you will be introduced to the Magic Hound Threat Actor Campaign.

In this brief course, you will be introduced to the Royal Ransomware Group Threat Actor Campaign.

This hands-on lab is designed to equip learners with in-depth knowledge of protocol tunneling and encrypted channels - two critical techniques for secure and covert communication.

This hands-on lab is designed to provide learners with an understanding of how an adversary can use the Exfiltration Over Alternative Protocol: Asymmetric Encrypted Non-C2 Protocol TTP to further their objectives in a cyber operation.

In this hands-on lab, you will practice simulating a command-and-control (C2) beacon and detecting the resulting activity using a SIEM.

Spearphishing is one of the oldest tricks in the book, and in this course you will learn more about how it actually works. Plus, see how adversaries can hide malicious code in compiled HTML files. Detect and mitigate these techniques in our hands-on course.

This course will teach you how to use AI copilots safely and responsibly in real-world investigations. You will learn how to combine human judgment with AI speed, apply governance frameworks, identify AI-specific threats, and measure tangible improvements in performance and accuracy.

This course provides an overview of every stage of the AI Security Lifecycle, from planning and data preparation to deployment, monitoring, and governance—equipping them with the frameworks, tools, and best practices necessary to safeguard AI models and data in enterprise environments.

Artificial Intelligence is reshaping how organizations make decisions, build products, and serve customers. Yet for every success story, there are many AI projects that fail compliance reviews, stall before launch, or create new risks because teams lacked clear, actionable best practices. This course was created to bridge that gap.

Every successful AI initiative, regardless of size or complexity, follows a repeatable process known as the machine learning (ML) lifecycle. Learn the phases of a typical ML lifecycle and why adopting one is the single most important factor in delivering reliable, ethical, and cost-effective AI solutions.

Artificial Intelligence is not a single system or tool. It's a collection of different methods that learn, reason, and solve problems in unique ways. Each type of AI has its own strengths, limitations, and data requirements. Learn how these types differ, when to use each, and what tradeoffs are most important in production systems.

Before any algorithm is trained or deployed, its success depends on one thing: the shape and structure of the data feeding it. This course establishes the foundation for understanding why data modeling (how information is organized, related, and represented) is the most critical stage of any AI or machine learning (ML) project.

Agentic AI systems are autonomous, goal-driven assemblies of models and tools that can plan, act, and interact with external systems with limited supervision. This course explains what agentic AI is, how Model Context Protocol enable agent orchestration, and why they introduce new attack surfaces.

Artificial Intelligence has moved from the realm of research into the everyday reality of business and IT. Most professionals now use AI-powered tools in their work, but many still misunderstand what an AI system actually is. This course defines what we mean by an AI system and shows how these systems fit into enterprise architectures.

CVE-2024-21626 is a severe vulnerability affecting all versions of runc up to 1.1.11, a critical component utilized by Docker and other containerization technologies like Kubernetes. This vulnerability enables an attacker to escape from a container to the underlying host operating system. Put on your red team hat to exploit this vulnerability.

CVE-2024-4040 is a critical vulnerability in CrushFTP, a Java-based robust file server. Rated with a CVSS score of 10, this flaw permits remote, unauthorized attackers to circumvent authentication mechanisms, thereby gaining remote code execution (or RCE). In this course you’ll explore, exploit, and remediate this CVE.

CVE-2024-23334 is a high severity vulnerability found in the aiohttp Python library, a popular asynchronous HTTP client/server framework. By the end of this course you will be able to execute a directory traversal attack using aiohttp's vulnerable configuration and then perform remediation steps to fix the vulnerability.

CVE-2024-27348 is a critical vulnerability in Apache HugeGraph, a graph database designed for large-scale data management. With a CVSS score of 9.8, attackers can exploit this flaw by sending crafted payloads to execute arbitrary commands, potentially leading to a full system compromise.

In this month's Cybrary challenge, you will be exploring the inner workings of automobiles by analyzing a CAN Bus dump file. The Controller Area Network (CAN bus) is the black box for vehicles, recording every action taken.

In this month's Cybrary challenge, you will be exploring the inner workings of automobiles by analyzing a CAN Bus dump file. The Controller Area Network (CAN bus) is the black box for vehicles, recording every action taken.

In this hands-on challenge, you will have the opportunity to put your Wireshark skills to the test.

‍

In this hands-on challenge, you will practice using Burp Suite to exploit a vulnerable web application.

In this hands-on challenge, you will practice exploiting SSRF vulnerablities and converting binary output.

In this hands-on challenge, you will practice researching log events related to a reported spearphishing attack.

In this hands-on challenge, you will practice researching network observables.

In this hands-on challenge, you will practice analyzing log events related to Windows authentication.

In this hands-on challenge, you practice profiling a suspicious process on a Windows system.

In this hands-on challenge, you will practice using SIEM search expressions to locate suspicious activity related to XRDP traffic.

CVE-2024-23897 is a critical security flaw affecting Jenkins, a Java-based open-source automation server widely used for application building, testing, and deployment. It allows unauthorized access to files through the Jenkins integrated command line interface (CLI), potentially leading to remote code execution (RCE).

CVE-2024-27198 is a critical vulnerability in JetBrains TeamCity, a Java-based open-source automation server used for application building. This flaw allows remote, unauthorized attackers to circumvent authentication, thereby gaining admin control over the server. All versions of TeamCity On-Premises up to 2023.11.3 are affected.

In this hands-on challenge, you will practice using SIEM search expressions to locate suspicious activity related to XRDP traffic.

CVE-2023-27524 is a critical vulnerability in Apache Superset, affecting versions up to 2.0.1. It enables attackers to bypass authentication by exploiting weak or default SECRET_KEY values. Attackers can forge session cookies to gain admin access, leading to potential remote code execution and unauthorized data access.

‍