Browse the Full Catalog

The SSCP exam preparation package helps students prepare for the ISC2 SSCP certification exam. The SSCP certification helps students validate their knowledge in areas, like security operations, incident response, and cryptography. This practice test will prepare you for the exam version that was updated in 2024.

Obtaining your SSCP certification signifies that you possess the ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.

Obtaining your SSCP certification signifies that you possess the ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.

Obtaining your SSCP certification signifies that you possess the ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.

Obtaining your SSCP certification signifies that you possess the ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.

Obtaining your SSCP certification signifies that you possess the ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.

Obtaining your SSCP certification signifies that you possess the ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.

Obtaining your SSCP certification signifies that you possess the ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.

Obtaining your SSCP certification signifies that you possess the ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.

Obtaining your SSCP certification signifies that you possess the ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.

In this hands-on lab, you will learn about local authentication mechanics in the Windows operating system, including user accounts, the authentication process, and different types of authentication. You will practice identifying when a user account has logged on and logged off, including the type of authentication.

The CySA+ practice test helps students prepare for the CompTIA CySA+ CS0-003 certification exam. The CySA+ certification prepares students for careers in security analyst roles and is an approved certification under DOD 8570.

In this hands-on lab, you will learn the basics of digital forensics, including its role in an investigation and major phases. You will practice using the Autopsy forensics tool to analyze and retrieve evidence from a

In this hands-on lab, you will learn the basics of Incident Response, including its role in a security program and major phases. You will practice using incident response tools on a live system to capture memory and essential system files for further investigation.

In this hands-on lab, you will learn about domain-based authentication mechanics in the Windows operating system, including user accounts, the authentication process, and different types of authentication. You will practice identifying when a domain user account has logged on and logged off, including the type of authentication.

In this hands-on lab, you will learn the basics of email analysis with a special focus on malicious attachments. You will practice performing triage analysis of a spearphishing email containing a suspicious attachment.

In this lab, you will learn the basics of SIEM dashboards. You will practice creating your own custom dashboard using the Wazuh SIEM.

In this hands-on lab, you will learn the basics of persistence in Windows. You will practice generating data that is representative of common persistence mechanisms, then use a SIEM to identify indicators of persistence.

In this hands-on lab, you will learn the basics of process analysis and Windows execution. You will practice using Process Explorer and a SIEM to analyze information from collected process dumps.

In this hands-on lab, you will learn the basics of SIEM-based detection and alerting. You will practice using the Wazuh SIEM to create, modify, and test custom rules and alerts.

In this hands-on lab, you will learn how to analyze spearphishing emails containing malicious links. You will practice analyzing a sample spearphishing email.

In this hands-on lab, you will learn the basics of Endpoint Detection and Response tools. You will practice using the Wazuh EDR to install an agent on a Windows endpoint and detect simulated attacks aligned to the MITRE ATT&CK framework.

In this hands-on lab, you will learn the basics of using search expressions in a SIEM. You will practice creating a series of search expressions in the Wazuh SIEM.

In this hands-on lab, you will learn the basics of web activity logs. You will then practice identifying meaningful events in web proxy (HTTP/HTTPS) and name server (DNS) logs in the context of a new threat intelligence report.

In this hands-on lab, you will learn the basics of network observables. You will practice researching and documenting observables from a suspicious email using the security ticketing system theHive.

In this hands-on challenge, you will practice researching log events related to a reported spearphishing attack.

In this hands-on challenge, you will practice researching network observables.

In this hands-on challenge, you will practice analyzing log events related to Windows authentication.

In this hands-on challenge, you practice profiling a suspicious process on a Windows system.

In this hands-on challenge, you will practice using SIEM search expressions to locate suspicious activity related to XRDP traffic.

CVE-2024-23897 is a critical security flaw affecting Jenkins, a Java-based open-source automation server widely used for application building, testing, and deployment. It allows unauthorized access to files through the Jenkins integrated command line interface (CLI), potentially leading to remote code execution (RCE).

In this hands-on challenge, you will practice using SIEM search expressions to locate suspicious activity related to XRDP traffic.

CVE-2023-27524 is a critical vulnerability in Apache Superset, affecting versions up to 2.0.1. It enables attackers to bypass authentication by exploiting weak or default SECRET_KEY values. Attackers can forge session cookies to gain admin access, leading to potential remote code execution and unauthorized data access.

‍

Confluence suffers from a Broken Access Control vulnerability that affects Data Center and Server versions 8.0.0 to 8.3.2, 8.4.0 to 8.4.2, and 8.5.0 to 8.5.1. Threat actors exploit this vulnerability to obtain administrator access to Confluence servers. Put on your Red Team hat to create your own malicious admin account leveraging this CVE!

Royal is a spin-off group of Conti, which first emerged in January of 2022. The group consists of veterans of the ransomware industry and brings more advanced capabilities and TTPs against their victims. Begin this campaign to learn how to detect and protect against this newer APT group!

Magic Hound (APT35) is an Iranian state-sponsored threat group that primarily targets organizations across various industries and geographic regions through cyber espionage. Launch this campaign to start detecting the sophisticated techniques leveraged by this threat group.

Raspberry Robin is a malware family that continues to be manipulated by several different threat groups for their purposes. These threat actors (Clop, LockBit, and Evil Corp) specialize in establishing persistence on a compromised host and creating remote connections to use later. Once established, these C2 connections can be used for multiple purposes, including data exfiltration, espionage, and even further exploitation.

Threat actors will use stolen data exfiltrated from victim systems to extort organizations. Once they gain a foothold, they delete critical system files and threaten to release the data or disrupt operations if the victims do not pay up. Understanding these techniques is vital to defending your organization from such attacks.

Threat actors continue to leverage ransomware to extort victim organizations. What was once a simple scheme to encrypt target data has expanded to include data disclosure and targeting a victim’s clients or suppliers. Understanding the techniques threat actors use in these attacks is vital to having an effective detection and mitigation strategy.