Browse the Full Catalog

Cybrary’s comprehensive, framework-aligned catalog has been reorganized to provide you with an intentional, guided learning experience. Advance your career, prep for certifications, and build your skills whenever, wherever.

Start Learning for Free
Cybrary for Business

The content and tools you need to build real-world skills

Rapidly develop your skills via an integrated and engaging learning
experience on the Cybrary platform.

Bite-sized Video Training

Manageable instruction from industry experts

Hands-On Learning

Put your skills to the test in virtual labs, challenges, and simulated environments

Practice Exams

Prepare for industry certifications with insider tips and practice exams

Earn Industry Badges

Complete coursework to earn industry-recognized badges via Credly

Certification Prep

Filter By
Clear
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
advanced
Course
Free
32
H:
34
M
16
 CEUS

CISSP Certification Prep

Our CISSP certification course and training for the CISSP certification, essential for cybersecurity professionals aiming to move up in their career. This course will cover all aspects of security, risk management, and architecture to help you prepare for the CISSP exam. Learn from experienced professionals and gain the knowledge needed to become a certified security expert.

Learn More & Enroll
beginner
Course
Free
18
H:
28
M
10
 CEUS

Comptia Security+ Certification Prep

CompTIA’s Security+ is a globally recognized certification that equips IT professionals with cybersecurity principles and security best practices, and is often used as a requirement for entry-level cybersecurity positions. This certification prep path is designed to provide you with a comprehensive overview of the concepts and skills you will need to pass the certification exam.

Learn More & Enroll
Advanced
Course
Free
H:
58
M
1
 CEUS

CISSP | Domain 8: Application Security

This CISSP | Domain 8: Application Security course will cover APIs, security testing for applications, and relational databases.

Learn More & Enroll
Advanced
Course
Free
1
H:
24
M
1
 CEUS

CISSP | Domain 7: Security Operations

This CISSP | Domain 7: Security Operations course will cover the forensic investigation process, redundancy, business continuity, and disaster recovery.

Learn More & Enroll
Advanced
Course
Free
H:
49
M
1
 CEUS

CISSP | Domain 6: Security Assessment and Testing

This CISSP | Domain 6: Security Assessment and Testing course will cover vulnerability assessment and penetration testing.

Learn More & Enroll
Advanced
Course
Free
H:
57
M
1
 CEUS

CISSP | Domain 5: Identity and Access Management

This CISSP | Domain 5: Identity and Access Management course will cover authentication, the Kerberos carnival, and federated trusts.

Learn More & Enroll
Advanced
Course
Free
1
H:
43
M
1
 CEUS

CISSP | Domain 4: Communication and Network Security

This CISSP | Domain 4: Communication and Network Security course will cover the OSI Model, WAN Technology, and Wireless Networking.

Learn More & Enroll
Advanced
Course
Free
3
H:
20
M
1
 CEUS

CISSP | Domain 3: Security Architecture and Engineering

This CISSP | Domain 3: Security Architecure and Engineering course will focus on security models and cryptography.

Learn More & Enroll
Advanced
Course
Free
H:
33
M
1
 CEUS

CISSP | Domain 2: Asset Security

This CISSP | Domain 2: Asset Security course will cover data categorization and classification, states of data, and data security in the cloud.

Learn More & Enroll

Career Paths

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
No items found.

Stay Ahead

Filter By
Clear
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
OWASP Top 10
Course
Free
2
H:
37
M
3
CEUS

OWASP Top 10 - A08:2021 - Software and Data Integrity Failures

The OWASP Top 10 features the most critical web application security vulnerabilities. In this part, A08: Software and Data Integrity Failures, you'll take advice from a trusted offensive security professional on how to implement best practices for data and software integrity verification and risk mitigation.
Learn More & Enroll
OWASP Top 10
Course
Free
1
H:
34
M
2
CEUS

OWASP Top 10 - A04:2021 - Insecure Design

The OWASP Top 10 features the most critical web application security vulnerabilities. In this part, A04: Insecure Design, you'll take advice from a trusted offensive security professional on how to use threat modeling and other techniques to protect your organization against critical design flaws that adversaries could exploit.
Learn More & Enroll
OWASP Top 10
Course
Free
2
H:
4
M
2
CEUS

OWASP Top 10 - A09:2021 - Security Logging and Monitoring Failures

The OWASP Top 10 features the most critical web application security vulnerabilities. In this part, A09: Security Logging and Monitoring Failures, you'll take advice from a trusted offensive security professional on how to implement best practices for developing security logging and monitoring solutions at your organization.
Learn More & Enroll
OWASP Top 10
Course
Free
2
H:
10
M
2
CEUS

OWASP Top 10 - A10:2021 - Server-Side Request Forgery (SSRF)

The OWASP Top 10 features the most critical web application security vulnerabilities. In this part, A10: Server-Side Request Forgery (SSRF), you'll learn to identify, exploit, and offer remediation advice for this vulnerability in a secure lab environment. Build your offensive security and penetration testing skills with this one-of-a-kind course!
Learn More & Enroll
OWASP Top 10
Course
Free
2
H:
46
M
4
CEUS

OWASP Top 10 - A05:2021 - Security Misconfiguration

The OWASP Top 10 features the most critical web application security vulnerabilities. In this part, A05: Security Misconfiguration, you'll identify, exploit, and offer remediation advice for this vulnerability. We also cover XML External Entities. Build your offensive security and penetration testing skills with this one-of-a-kind course!
Learn More & Enroll
OWASP Top 10
Course
Free
2
H:
19
M
3
CEUS

OWASP Top 10 - A02:2021 - Cryptographic Failures

The OWASP Top 10 features the most critical web application security vulnerabilities. This part covers A02: Cryptographic Failures. You'll learn to identify, exploit, and offer remediation advice for this vulnerability in a secure lab environment. Build your offensive security and penetration testing skills with this one-of-a-kind course!
Learn More & Enroll
OWASP Top 10
Course
Free
2
H:
16
M
3
CEUS

OWASP Top 10 - A07:2021 - Identification and Authentication Failures

The OWASP Top 10 features the most critical web application security vulnerabilities. In this part, A07: Identification & Authentication Failures, you'll identify, exploit, and offer remediation advice for this vulnerability in a secure lab environment. Build your offensive security and penetration testing skills with this one-of-a-kind course!
Learn More & Enroll
OWASP Top 10
Course
Free
2
H:
11
M
3
CEUS

OWASP Top 10 - A06:2021 - Vulnerable and Outdated Components

The OWASP Top 10 features the most critical web application security vulnerabilities. In this part, A06: Vulnerable and Outdated Components, you'll learn to identify, exploit, and offer remediation advice for this vulnerability in a secure lab environment. Build your offensive security and penetration testing skills with this one-of-a-kind course!
Learn More & Enroll
OWASP Top 10
Course
Free
2
H:
55
M
3
CEUS

OWASP Top 10 - A03:2021 - Injection

The OWASP Top 10 features the most critical web application security vulnerabilities. This part covers A03: Injection. You will learn how to identify, exploit, and offer remediation advice for this vulnerability in a secure lab environment. Build your offensive security and penetration testing skills with this one-of-a-kind course!
Learn More & Enroll
OWASP Top 10
Course
Free
2
H:
25
M
3
CEUS

OWASP Top 10 - A01:2021 - Broken Access Control

The OWASP Top 10 features the most critical web application security vulnerabilities. This part covers A01: Broken Access Control. You will learn how to identify, exploit, and offer remediation advice for this vulnerability in a secure lab environment. Build your offensive security and penetration testing skills with this one-of-a-kind course!
Learn More & Enroll
OWASP Top 10
Course
Free
1
H:
23
M
3
CEUS

OWASP Top 10 - A04:2017 - XML External Entities

The OWASP Top 10 features the most critical web application security vulnerabilities. This part covers A4: XML External Entities. You will learn how to identify, exploit, and offer remediation advice for this vulnerability in a secure lab environment. Build your offensive security and penetration testing skills with this one-of-a-kind course!
Learn More & Enroll
OWASP Top 10
Course
Free
1
H:
2
M
1
CEUS

OWASP Top 10 - 2021

The OWASP Top 10 features the most critical web application security vulnerabilities. Build your offensive security and penetration testing skills with this one-of-a-kind course!
Learn More & Enroll
MITRE ATT&CK
Course
1
H:
52
M
6
CEUS

Protocol Tunneling

Maintaining privacy and security has become increasingly vital for both individuals and organizations. T1572/T1573 is a comprehensive, hands-on course designed to equip participants with in-depth knowledge of protocol tunneling and encrypted channels - two critical techniques for secure and covert communication.
Learn More & Enroll
MITRE ATT&CK
Course
1
H:
47
M
6
CEUS

Exfiltration Over Alternative Protocol: Asymmetric Encrypted Non-C2 Protocol

Threat actors often leverage valid accounts to gain unauthorized access to target systems and networks. T1078.003 is a focused course designed to provide participants with a deep understanding of local accounts and their exploitation to further the objectives of an adversary in a cyber operation.
Learn More & Enroll
MITRE ATT&CK
Course
0
H:
45
M
3
CEUS

SSH Authorized Keys

SSH Authorized Keys are widely used as credentials for remotely accessing Linux-based systems via SSH. Adversaries can manipulate these keys to give themselves persistence in your environment so they can return at will. Get hands-on detecting and mitigating this adversary action today.
Learn More & Enroll
MITRE ATT&CK
Course
1
H:
35
M
2
CEUS

Application Layer Protocol: Web Protocols

In this course, students will learn how C2 connections are established and used by attackers in a real-world demonstration to give learners a sense of how to detect malicious HTTP traffic. This is the last course in the Raspberry Robin Attack series.
Learn More & Enroll
MITRE ATT&CK
Course
1
H:
5
M
1
CEUS

Lateral Movement: Windows Remote Management

In order to achieve lateral movement, threat actors will use a valid account to access remote systems, such as the Windows Remote Management service. In this way, the threat actor can move around the network and search for valuable information or greater access. Learn more and get hands-on with this technique by detecting it in our virtual lab.
Learn More & Enroll
MITRE ATT&CK
Course
1
H:
25
M
1
CEUS

Persistence via Windows Services

Windows Services are the main vehicle used by the Windows OS to start and run background functions that do not require user interaction. Configuring malware to run as a service is a common strategy for trying to blend malicious code execution in with other legitimate Windows functions. Prevent adversaries from gaining persistence in this course.
Learn More & Enroll
MITRE ATT&CK
Course
1
H:
40
M
2
CEUS

System Binary Proxy Execution and a Spearphish Payload

Spearphishing is one of the oldest tricks in the book, and in this course you will learn more about how it actually works. Plus, see how adversaries can hide malicious code in compiled HTML files. Detect and mitigate these techniques in our hands-on course.
Learn More & Enroll
MITRE ATT&CK
Course
Free
1
H:
10
M
1
CEUS

Server Software Component: Web Shell

Bad actors can gain persistence on your network by abusing software development features that allow legitimate developers to extend server applications. In this way, they can install malicious code for later use. Learn to detect and thwart this activity and protect your network.
Learn More & Enroll
MITRE ATT&CK
Course
0
H:
50
M
1
CEUS

Scheduled Task

Some organizations do not configure their operating systems and account management to properly protect the use of task scheduling functionality. As a result, adversaries can abuse this capability to execute malicious code on a victim’s system. Get hands-on practice detecting this technique so you can protect your organization.
Learn More & Enroll
MITRE ATT&CK
Course
0
H:
50
M
1
CEUS

Registry Run Keys

Many organizations do not monitor for additions to the Windows Registry that could be used to trigger autostart execution on system boot or logon. This allows adversaries to launch programs that run at higher privileges and paves the way for more damaging activity. Learn how to detect and mitigate this activity to secure your network.
Learn More & Enroll
Course
FREE
1
H:
0
M
1
CEUS

Application Attacks

Test your Application Attacks knowledge and skills to identify strengths, gaps, and weaknesses in areas like web application vulnerabilities and Burp Suite. Measure your mastery of Application Attacks and advance your career with targeted course and virtual lab recommendations.

Learn More & Enroll
Course
FREE
1
H:
10
M
1
CEUS

Evasion

Test your Evasion knowledge and skills to identify strengths, gaps, and weaknesses in areas like identifying ingress and egress rules, evading Microsoft Defender, and bypassing web application firewalls.

Learn More & Enroll
Course
FREE
1
H:
10
M
1
CEUS

Credential Attacks

Test your Credential Attacks knowledge and skills to identify strengths, gaps, and weaknesses in areas like Password Cracking, Password Spraying, and Credential Stuffing.

Learn More & Enroll
Course
FREE
1
H:
15
M
1
CEUS

Network Attacks

Test your Network Attacks knowledge and skills to identify strengths, gaps, and weaknesses in areas like reconnaissance, enumeration, exploitation, and more. Measure your mastery of Network Attacks and advance your career with targeted course and virtual lab recommendations.

Learn More & Enroll
Course
FREE
1
H:
10
M
1
CEUS

Reconnaissance and Enumeration

Test your Reconnaissance and Enumeration knowledge and skills to identify strengths, gaps, and weaknesses in areas like OSINT, network reconnaissance, and local host enumeration.

Learn More & Enroll
Course
FREE
0
H:
15
M
1
CEUS

Offensive Security Fundamentals

Test your Offensive Security Fundamentals knowledge to identify strengths, gaps, and weaknesses in areas like offensive security operations and cyber kill chains. Measure your mastery of Offensive Security Fundamentals and advance your career with targeted course recommendations.

Learn More & Enroll
Course
FREE
1
H:
0
M
1
CEUS

Burping Sauce

In this hands-on challenge, you will practice using Burp Suite to exploit a vulnerable web application.

Learn More & Enroll
Course
FREE
0
H:
30
M
1
CEUS

Encoder Switch

In this hands-on challenge, you will practice exploiting SSRF vulnerablities and converting binary output.

Learn More & Enroll
Course
FREE
1
H:
0
M
1
CEUS

In-N-Out

In this hands-on challenge, you will practice identifying potential egress points through intermediate devices and creating tunnels out of a network.

Learn More & Enroll
Course
FREE
1
H:
0
M
1
CEUS

The Defense Rests

In this hands-on challenge, you will practice making changes to a malware sample in order to evade Microsoft Defender.

Learn More & Enroll
Course
FREE
1
H:
0
M
1
CEUS

Spray Paint

In this hands-on challenge, you will exercise your password cracking and password spraying skills.

Learn More & Enroll
Course
FREE
1
H:
0
M
1
CEUS

Crackception

In this hands-on challenge, you will exercise your password cracking skills to defeat the security of an encrypted file.

Learn More & Enroll
Course
FREE
1
H:
0
M
1
CEUS

Tunnel Cake

In this hands-on challenge, you will practice identifying and exploiting vulnerabilities on a target host, then using tunneling and pivoting to broker access to internal services

Learn More & Enroll
Course
FREE
1
H:
0
M
1
CEUS

Scratch and Sniff

In this hands-on challenge, you will practice network sniffing. You will interpret and manipulate a packet capture to gain access to other hosts on a target network.

Learn More & Enroll
Course
FREE
1
H:
0
M
1
CEUS

Penguin Land

In this hands-on challenge, you will practice performing local host enumeration and privilege escalation on a Linux system.

Learn More & Enroll
Course
FREE
1
H:
0
M
1
CEUS

Box Full of Recon

In this hands-on challenge, you will practice using Nmap to identify and exploit simple vulnerabilities on target hosts.

Learn More & Enroll
Course
FREE
1
H:
30
M
1
CEUS

API Attacks

In this hands-on lab, you will learn the basics of API Attacks. You will practice exploiting some common API vulnerabilities in a REST-based web application.

Learn More & Enroll
Course
FREE
1
H:
20
M
1
CEUS

Deserialization Attacks

In this hands-on lab, you will learn the basics of deserialization attacks. You will practice performing deserialization attacks using Python scripts and Burp Suite.

Learn More & Enroll
Course
FREE
1
H:
30
M
1
CEUS

Bypassing Web Application Firewalls

In this hands-on lab, you will learn about Web Application Firewalls (WAF) and common techniques for bypassing them. You will practice using manual testing techniques to bypass various WAF configurations.

Learn More & Enroll
Course
FREE
1
H:
20
M
1
CEUS

SSRF Attacks

In this hands-on lab, you will learn the basics of Server-Side Request Forgery (SSRF) Attacks. You will practice performing live SSRF attacks against a vulnerable web application.

Learn More & Enroll
Course
FREE
1
H:
25
M
1
CEUS

Injection Attacks

In this hands-on lab, you will learn the basics of injection attacks. You will practice performing SQL injection, command injection, and XSS attacks against a vulnerable web application.

Learn More & Enroll
Course
FREE
1
H:
35
M
1
CEUS

Password Spraying and Credential Stuffing

In this hands-on lab, you will learn about password spraying and credential stuffing. You will practice using Hydra and Burp Suite to perform password spraying and credential stuffing attacks.

Learn More & Enroll
Course
FREE
1
H:
10
M
1
CEUS

Application Attacks Basics

In this course, you will learn the basics of applications and how to attack them, including web application architecture, common vulnerablities, and mitigation strategies.

Learn More & Enroll
Course
FREE
1
H:
20
M
1
CEUS

Evading Microsoft Defender

In this hands-on lab, you will learn about evading Microsoft Defender. You will practice using process injection and obfuscation techniques to evade Microsoft Defender.

Learn More & Enroll
Course
FREE
1
H:
25
M
1
CEUS

Tunneling and Pivoting

In this hands-on lab, you will learn about tunneling and pivoting as tactics for traversing target networks. You will practice tunneling and pivoting using Metasploit and SSH Dynamic Port Forwarding.

Learn More & Enroll
Cybrary Challenges
Course
1
H:
0
M
1
CEUS

Cybrary Challenge: Motor Mayhem

In this challenge, you will take on a CAN Bus challenge by analyzing a CAN Bus dump file. The Controller Area Network (CAN bus) is a message-based protocol found in the automobiles that we use today. Every action of the car is recorded into this dump file. This allows us to read vehicle operations such as turn signals and other vehicle operations.
Learn More & Enroll
Cybrary Challenges
Course
1
H:
30
M
1
CEUS

Cybrary Challenge: Pumpkin Injection

In this challenge, you will take on a Digital Forensics challenge by analyzing a potentially malicious memory dump. By analyzing these artifacts, you the investigator will be able to determine evidence of malicious activity on a compromised system.
Learn More & Enroll
Cybrary Challenges
Course
1
H:
0
M
1
CEUS

Challenge: Memory Mysteries

In this challenge, you will take on a memory forensics challenge by analyzing a dump file. Memory forensics is an important piece of evidence when conducting a forensics investigation. Unique insights such as network connections and injected processes can be found through memory analysis.
Learn More & Enroll
Cybrary Challenges
Course
1
H:
30
M
1
CEUS

Cybrary Challenge: Destination Explorer

In this challenge, you will take on a Digital Forensics challenge by parsing and analyzing Windows artifacts. By analyzing these artifacts, investigators are able to prove suspected user behavior.
Learn More & Enroll
Cybrary Challenges
Course
1
H:
0
M
1
CEUS

Challenge: Dissecting Code

In this challenge, you will take on a reverse engineering challenge by analyzing a binary file. Malicious attackers will commonly use malware or custom binary files to execute their goals. The goal is to show from an analyst POV how to do basic file analysis.
Learn More & Enroll
Cybrary Challenges
Course
0
H:
30
M
1
CEUS

Challenge: Packed Snacks

In this challenge, you will take on a reverse engineering challenge by analyzing a binary file. Malicious attackers will always use malware or custom binary files to execute their goals. The goal is to show from an analyst POV how to do basic file analysis.
Learn More & Enroll
Cybrary Challenges
Course
0
H:
30
M
1
CEUS

Challenge: Between Two Numbers

In this challenge, you will take on a reverse engineering challenge by analyzing a binary file. Malicious attackers will always use malware or custom binary files to execute their goals. The goal is to show from an analyst point of view (POV) how to do basic file analysis.
Learn More & Enroll
Cybrary Challenges
Course
1
H:
0
M
1
CEUS

Challenge: Saving A Fellow Spy

You will take on a cryptography challenge in this challenge by decrypting intercepted encrypted messages. Malicious attackers use cryptography to their advantage for attacks and remaining undetected. The goal is to show how attackers can effortlessly embed data within messages to hide their activity.
Learn More & Enroll
Cybrary Challenges
Course
1
H:
0
M
1
CEUS

Challenge: Space Mission

In this challenge, you will take on a cryptography challenge by decrypting intercepted encrypted messages. Malicious attackers use cryptography to their advantage for attacks and remaining undetected. The goal is to show how attackers can effortlessly embed data within messages to hide their activity.
Learn More & Enroll
Cybrary Challenges
Course
1
H:
0
M
1
CEUS

Challenge: A Message Within A Message

In this challenge, you will take on a cryptography challenge by decrypting intercepted encrypted messages. Malicious attackers use cryptography to their advantage for attacks and remaining undetected. The goal is to show how attackers can effortlessly embed data within messages to hide their activity.
Learn More & Enroll
Cybrary Challenges
Course
1
H:
30
M
1
CEUS

Challenge: Don't Believe What You Hear

In this challenge, you will take on a Steganography challenge identifying embedded data within an audio file. Malicious attackers use Steganography for attacks such as macro-enabled Word documents, to conceal covert communication, and more. The goal is to show how attackers can effortlessly embed data within files to hide their activity.
Learn More & Enroll
Cybrary Challenges
Course
1
H:
0
M
1
CEUS

Challenge: Chatting with ChatGPT

In this challenge, we will take a different approach and dive into the world of AI technology. By completing this challenge, you will learn more about ChatGPT, how it works, its capabilities, and its limitations. As cybersecurity professionals, it is essential to adapt to the ever-changing technology and security landscape.
Learn More & Enroll
Cybrary Challenges
Course
1
H:
45
M
2
CEUS

Challenge: Saving a Fellow Monster

In this challenge, you will take on a Steganography challenge identifying embedded data within an image. Malicious attackers use Steganography for attacks such as macro-enabled Word documents, to conceal covert communication, and more. The goal is to show how attackers can effortlessly embed data within files to hide their activity.
Learn More & Enroll
Cybrary Challenges
Course
1
H:
0
M
1
CEUS

Challenge: Gobble Gobble Conceal & Deceive

In this challenge, you will take on a Steganography challenge identifying embedded data within an image. Malicious attackers use Steganography for attacks such as macro-enabled Word documents, to conceal covert communication, and more. The goal is to show how attackers can effortlessly embed data within files to hide their activity.
Learn More & Enroll
Cybrary Challenges
Course
1
H:
0
M
1
CEUS

Challenge: Malware in a Haystack

This challenge will have you hunting for evidence of persistence, a tactic that threat actors commonly use to maintain a foothold within a compromised environment. The goal is to find the needle in the haystack to determine abnormal versus normal system behavior.
Learn More & Enroll
Cybrary Challenges
Course
1
H:
0
M
1
CEUS

Challenge: Back to the Cereal

This challenge will have you analyze a $MFT Windows artifact to identify unauthorized activity. The goal is to see from a blue teamer's point of view the actions an unauthorized user may take on a victim's system when an attacker wants to hide their activity.
Learn More & Enroll
Cybrary Challenges
Course
1
H:
0
M
1
CEUS

Challenge: For the Rebellion or the Empire

This challenge will have you analyze traditional Registry artifacts to identify unauthorized activity. The goal is to see from a blue teamer's point of view the actions an unauthorized user may take on a victim's system when there are inadequate security controls in place.
Learn More & Enroll
Cybrary Challenges
Course
1
H:
10
M
1
CEUS

Challenge: Update B4 It's 2Late

National Cybersecurity Awareness Month has four themes; the last being 'Update Your Software.' This challenge will have you analyze a log and identify a web application attack. The goal is to piece together the narrative from the suspicious requests and understand how attacks like these can happen when you do not update your software.
Learn More & Enroll
Cybrary Challenges
Course
1
H:
0
M
1
CEUS

Challenge: MFA ... All Day Every Day

National Cybersecurity Awareness Month has several themes, one of which is Multi-Factor Authentication (MFA). This MFA challenge will have you analyze a log and identify the potential MFA attack. The goal is to review suspicious requests and identify how MFA can be attacked in real-world use cases.
Learn More & Enroll
Cybrary Challenges
Course
1
H:
0
M
1
CEUS

Challenge: Episode II - Attack of the Encoders

Adversaries commonly use encoding, encryption, and hashing to obscure their scripts and attacks. As a CTF player, you will need to analyze alerts and uncover the true nature of a suspicious string embedded in a file. Can you help figure out what it’s trying to say?
Learn More & Enroll
Cybrary Challenges
Course
0
H:
30
M
1
CEUS

Challenge: The Base(64)ics

Threat actors commonly use legitimate tools in nefarious ways. As a CTF player, you’ll need to find creative ways to uncover these types of tactics. While evaluating a recent alert in your EDR, you’ve come across a weird string at the end of a powershell command. Can you help figure out what it’s trying to say?
Learn More & Enroll
Cybrary Challenges
Course
0
H:
50
M
1
CEUS

Challenge: Spiny Shell

You receive an alert about a suspicious command execution on a Windows endpoint. Early analysis suggests PowerShell has not locked down appropriately. Can you validate if anything malicious is underway? Now that you have some basic information discovered, dive deeper into the suspicious command to identify the attacker's infrastructure and setup!
Learn More & Enroll
CVE Series
Course
0
H:
30
M
1
CEUS

Beaucoup Phish

In this hands-on challenge, you will practice researching log events related to a reported spearphishing attack.

Learn More & Enroll
CVE Series
Course
0
H:
30
M
1
CEUS

Keen Observation

In this hands-on challenge, you will practice researching network observables.

Learn More & Enroll
CVE Series
Course
0
H:
30
M
1
CEUS

Certificate of Authenticity

In this hands-on challenge, you will practice analyzing log events related to Windows authentication.

Learn More & Enroll
CVE Series
Course
0
H:
30
M
1
CEUS

Process Profiles in Courage

In this hands-on challenge, you practice profiling a suspicious process on a Windows system.

Learn More & Enroll
CVE Series
Course
0
H:
30
M
1
CEUS

Red Alert

In this hands-on challenge, you will practice using SIEM search expressions to locate suspicious activity related to XRDP traffic.

Learn More & Enroll
CVE Series
Course
1
H:
5
M
1
CEUS

CVE Series: Jenkins Arbitrary File Leak Vulnerability (CVE-2024-23897)

CVE-2024-23897 is a critical security flaw affecting Jenkins, a Java-based open-source automation server widely used for application building, testing, and deployment. It allows unauthorized access to files through the Jenkins integrated command line interface (CLI), potentially leading to remote code execution (RCE).

Learn More & Enroll
CVE Series
Course
0
H:
30
M
1
CEUS

Search and Destroy

In this hands-on challenge, you will practice using SIEM search expressions to locate suspicious activity related to XRDP traffic.

Learn More & Enroll
CVE Series
Course
1
H:
35
M
1
CEUS

CVE Series: Authentication Bypass in Apache Superset (CVE-2023-27524)

CVE-2023-27524 is a critical vulnerability in Apache Superset, affecting versions up to 2.0.1. It enables attackers to bypass authentication by exploiting weak or default SECRET_KEY values. Attackers can forge session cookies to gain admin access, leading to potential remote code execution and unauthorized data access.

Learn More & Enroll
CVE Series
Course
1
H:
5
M
1
CEUS

CVE Series: Confluence Authentication Vulnerability (CVE-2023-22515)

Confluence suffers from a Broken Access Control vulnerability that affects Data Center and Server versions 8.0.0 to 8.3.2, 8.4.0 to 8.4.2, and 8.5.0 to 8.5.1. Threat actors exploit this vulnerability to obtain administrator access to Confluence servers. Put on your Red Team hat to create your own malicious admin account leveraging this CVE!

Learn More & Enroll
CVE Series
Course
Free
1
H:
15
M
1
CEUS

CVE Series: WinRar Vulnerability (CVE-2023-38831)

WinRAR, a popular 1990s file archiver still used by 500 millions users worldwide, suffers from a high severity Remote Code Execution (RCE) vulnerability. In this course you’ll be putting on your Red Team hat to create your own malicious file and gain control of the victim’s computer by leveraging this CVE!
Learn More & Enroll
CVE Series
Course
Free
1
H:
0
M
1
CEUS

CVE Series: Openfire (CVE-2023-32315)

If you're a cybersecurity practitioner who wants to know more about how to exploit and defend against CVE-2023-32315 (Openfire Path Traversal to RCE), you won't want to miss this course. You will identify the vulnerability, exploit it, and mitigate it in a hands-on, secure lab environment. Don't let Openfire catch you off guard.
Learn More & Enroll
CVE Series
Course
1
H:
20
M
2
CEUS

CVE Series: Dirty Pipe (CVE-2022-0847)

Dirty Pipe (CVE-2022-0847) is the most critical vulnerability to impact Linux distributions in years. By exploiting this local kernel flaw, adversaries can quickly escalate privileges and even gain root access. Exploit and mitigate this vulnerability in this hands-on course that gives you the skills you need to protect your organization.
Learn More & Enroll
CVE Series
Course
Free
1
H:
15
M
2
CEUS

CVE Series: Polkit (CVE-2021-4034)

The Polkit vulnerability (CVE-2021-4034) is a critical vulnerability impacting every major Linux distribution. Its attack vector allows privilege escalation and can even give the attacker root access. Exploit and mitigate this vulnerability in this hands-on course that gives you the skills you need to protect your organization.
Learn More & Enroll
CVE Series
Course
1
H:
45
M
2
CEUS

CVE Series: Log4J (CVE-2021-44228)

The Log4J vulnerability (CVE-2021-44228) took the world by storm in late 2021. Do you have what it takes to exploit and mitigate this critical vulnerability that experts say had the biggest global impact since Shellshock? Find out in this course, where you'll put your defensive and pen testing skills to the ultimate test in a virtual lab.
Learn More & Enroll
CVE Series
Course
1
H:
35
M
1
CEUS

CVE Series: InstallerFileTakeOver (CVE-2021-41379)

InstallerFileTakeOver (CVE-2021-36934) is a Windows elevation of privilege vulnerability that emerged in late 2021 and could allow a threat actor to acquire elevated SYSTEM-level access. You will exploit this vulnerability in a virtual lab environment and learn how to mitigate it so you can protect your organization.
Learn More & Enroll
CVE Series
Course
1
H:
47
M
2
CEUS

CVE Series: MSHTML Vulnerability (CVE-2021-40444)

The MSHTML Windows remote code execution vulnerability (CVE-2021-40444) identified in September 2021 could allow a threat actor to execute code on a victim’s machine. In this advanced course, you will exploit and mitigate this vulnerability in a secure lab environment, giving you the skills you need to protect your organization.
Learn More & Enroll
CVE Series
Course
0
H:
58
M
1
CEUS

CVE Series: HiveNightmare (CVE-2021-36934)

HiveNightmare (CVE-2021-36934) is a serious vulnerability that gives threat actors access to sensitive data in the Windows Registry. Don't get stung by HiveNightmare. Get hands-on experience mitigating and exploiting this vulnerability in a secure lab environment by taking this course today.
Learn More & Enroll
CVE Series
Course
1
H:
0
M
1
CEUS

CVE Series: PrintNightmare (CVE-2021-1675 and CVE-2021-34527)

PrintNightmare (CVE-2021-1675 and CVE-2021-34527) is a critical vulnerability in the Windows Print Spooler service running on almost every Windows operating system. Dive into a hands-on lab and course where you will exploit and mitigate the vulnerability. Don't get caught unaware by PrintNightmare.
Learn More & Enroll
CVE Series
Course
Free
1
H:
35
M
1
CEUS

CVE Series: Ghostcat (CVE-2020-1938)

If you're a cybersecurity practitioner who wants to know more about how to exploit and defend against Ghostcat (CVE-2020-1938), the you won't want to miss this course. You will identify the vulnerability, exploit it, and even mitigate it in a hands-on, secure lab environment. Don't let Ghostcat catch you off guard.
Learn More & Enroll
CVE Series
Course
0
H:
20
M
2
CEUS

CVE Series: CouchDB RCE (CVE-2022-24706)

The Apache CouchDB Remote Code Execution (RCE) vulnerability (CVE-2022-24706) is a critical flaw impacting Couch databases and has been known to be exploited in the wild. Learn how to exploit and mitigate this vulnerability today!
Learn More & Enroll
CVE Series
Course
1
H:
20
M
2
CEUS

CVE Series: Atlassian Bitbucket Command Injection (CVE-2022-36804)

The Atlassian Bitbucket command injection flaw (CVE-2022-36804) is a remote, unauthenticated, command injection vulnerability affecting application programming interface (API) endpoints in Bitbucket Server and Data Center. Stop an attacker from stealing sensitive information or installing malware as you exploit and mitigate this vulnerability!
Learn More & Enroll
CVE Series
Course
1
H:
5
M
1
CEUS

CVE Series: Grafana Directory Traversal (CVE-2021-43798)

The Grafana Directory Traversal vulnerability (CVE-2021-43798) is a critical arbitrary file reading vulnerability impacting global Grafana servers and has been exploited in the wild. Take this course to learn how to exploit and mitigate this vulnerability!
Learn More & Enroll
CVE Series
Course
0
H:
40
M
1
CEUS

CVE Series: Apache HTTPD (CVE-2021-42013)

The Apache HTTPD vulnerability (CVE-2021-42013) is a critical flaw impacting servers across the globe. This vulnerability gives an attacker the ability to enumerate a system and execute commands on the victim system if exploited. Exploit and mitigate the vulnerability in a secure lab environment!
Learn More & Enroll
CVE Series
Course
Free
0
H:
55
M
1
CEUS

CVE Series: Apache Spark (CVE-2022-33891)

Apache Spark is the biggest open-source project used for large-scale data processing and machine learning. Companies love it for its fast speed and ease of use. But a security flaw allows an adversary to just add a shell command to the URI to perform an arbitrary shell command execution. Exploit this flaw today using two attack vectors!
Learn More & Enroll
CVE Series
Course
1
H:
15
M
2
CEUS

CVE Series: Django (CVE-2022-34265)

Django is a Python-based web framework design for fast, easy application creation. Popular apps like Instagram and Clubhouse use Django, but are you prepared to exploit and mitigate the high-risk Django flaw (CVE-2022-34265) that leaves applications vulnerable to SQL injection attacks? Put your pentest skills to the test in our course!
Learn More & Enroll
CVE Series
Course
1
H:
50
M
2
CEUS

CVE Series: Follina (CVE-2022-30190)

The Follina exploit (CVE-2022-30190) is a Windows Remote Code Execution (RCE) vulnerability that could allow a threat actor to acquire an initial level of access after a successful phishing attack. Take our course to gain the skills you need to identify the vulnerability, detect it, and mitigate it (with current best knowledge).
Learn More & Enroll
CVE Series
Course
1
H:
20
M
2
CEUS

CVE Series: Confluence RCE (CVE-2022-26134)

CVE-2022-26134 is an Object-Graph Navigation Language (OGNL) injection flaw impacting Atlassian Confluence & Data Center software. Leveraging this remote code injection (RCE) flaw, adversaries can execute arbitrary code on a server. Atlassian tools are popular with more remote work, so mitigation is key. Exploit, detect, & mitigate this flaw!
Learn More & Enroll
CVE Series
Course
1
H:
20
M
2
CEUS

CVE Series: Redis (CVE-2022-0543)

The Redis vulnerability (CVE-2022-0543) is a critical flaw impacting Linux systems across the globe. By exploiting this vulnerability, any user can remotely execute commands as a root user on a system. Take our course to exploit and mitigate the vulnerability in a secure lab environment, giving you the skills you need to protect your organization.
Learn More & Enroll
CVE Series
Course
0
H:
45
M
1
CEUS

CVE Series: Spring4Shell (CVE-2022-22965)

Spring4Shell (CVE-2022-22965) is a critical Remote Code Execution (RCE) vulnerability affecting Spring, a common application framework library used by Java developers. You will exploit and mitigate this vulnerability in a virtual lab, giving you the skills you need to “Spring” into action and protect your organization!
Learn More & Enroll
Threat Actor Campaigns
Course
7
H:
7
M
0
CEUS

Royal Ransomware Group

Royal is a spin-off group of Conti, which first emerged in January of 2022. The group consists of veterans of the ransomware industry and brings more advanced capabilities and TTPs against their victims. Begin this campaign to learn how to detect and protect against this newer APT group!

Learn More & Enroll
Threat Actor Campaigns
Course
6
H:
40
M
0
CEUS

Magic Hound

Magic Hound (APT35) is an Iranian state-sponsored threat group that primarily targets organizations across various industries and geographic regions through cyber espionage. Launch this campaign to start detecting the sophisticated techniques leveraged by this threat group.

Learn More & Enroll
Threat Actor Campaigns
Course
7
H:
55
M
0
CEUS

Raspberry Robin

Raspberry Robin is a malware family that continues to be manipulated by several different threat groups for their purposes. These threat actors (Clop, LockBit, and Evil Corp) specialize in establishing persistence on a compromised host and creating remote connections to use later. Once established, these C2 connections can be used for multiple purposes, including data exfiltration, espionage, and even further exploitation.

Learn More & Enroll
Threat Actor Campaigns
Course
9
H:
4
M
0
CEUS

Double Trouble with Double Dragon

Advanced Persistent Threats (APTs) conduct state-sponsored cyberattacks that can radically disrupt global business operations. Launch this campaign to start detecting sophisticated techniques leveraged by APT41, known as "Double Dragon" because they cause double trouble with both espionage and financially-motivated attacks!
Learn More & Enroll
Threat Actor Campaigns
Course
5
H:
58
M
0
CEUS

Weak Link in the Supply Chain

Threat actors known as Advanced Persistent Threats (APTs) conduct highly sophisticated attacks sponsored by nation-states. They maintain a committment to stealth and often use custom malware. This campaign emulates a supply chain attack by APT29 that is similar to the SolarWinds compromise and it has the end goal of stealing sensitive information.
Learn More & Enroll
Threat Actor Campaigns
Course
free
5
H:
10
M
0
CEUS

Spinning a Web Shell for Initial Access

Certain threat actors specialize in targeting vulnerable web servers and gain initial access by exploiting public-facing applications. Then they act as access brokers for ransomware gangs. Such campaigns highlight the need to protect against known vulnerabilities. Understanding these techniques is key to protecting your organization.
Learn More & Enroll
Threat Actor Campaigns
Course
5
H:
0
M
0
CEUS

Exfiltration and Extortion

Threat actors will use stolen data exfiltrated from victim systems to extort organizations. Once they gain a foothold, they delete critical system files and threaten to release the data or disrupt operations if the victims do not pay up. Understanding these techniques is vital to defending your organization from such attacks.

Learn More & Enroll
Threat Actor Campaigns
Course
5
H:
45
M
0
CEUS

Ransomware for Financial Gain

Threat actors continue to leverage ransomware to extort victim organizations. What was once a simple scheme to encrypt target data has expanded to include data disclosure and targeting a victim’s clients or suppliers. Understanding the techniques threat actors use in these attacks is vital to having an effective detection and mitigation strategy.

Learn More & Enroll

Teams

Cybrary Select

No items found.

Cybrary Live

Designed to complement Cybrary’s on-demand certification prep content, Cybrary Live allows learners to interact directly with expert instructors in a boot camp-style virtual classroom environment. Contact sales@cybrary.it to inquire about Cybrary Live for your team.

Request a Demo

Our Instructors

Industry seasoned. Cybrary trained.
Our instructors are current cybersecurity professionals trained by Cybrary to deliver engaging, consistent, quality content.

See all
Instructor
Instructor

Georgia Weidman

Founder and CTO at Shevirah and Bulb Security
Learn More
Instructor
Instructor

Max Alexander

VP, Cybersecurity Incident Response Planning at JPMorgan
Learn More
Instructor
Instructor

Joe Perry

Senior Technical Instructor at FireEye, Inc
Learn More
Instructor
Instructor

Carter Schoenberg

Executive VP of IPKeys Power Partners
Learn More
See All Instructors

What Our Learners Are Saying

Join 3 million+ users, including 96% of Fortune 1000 companies who use our platform to upskill their teams. See what the buzz is about - start learning for free!

Cybrary is just an amazing platform. Literally thousands of hours of quality content. You can find a course or a lab for just about everything, and they are constantly releasing new material. They also have highly responsive customer service. It's been worth every penny.

Jared

Greatest investment I have made to dateCybrary is solely responsible for my passing the CompTIA A+ exam and is the reason I am going into my Net+ with confidence. I have learned a great deal through virtual labs, practice tests, recorded lessons, and the various other things they offer. The community is great as well. Got a question about the interview process for a tech job? Ask in discord. Just got a cert? Post it in discord and let the reactions and comments flow making you feel great about yourself. It is an all around wonderful experience and I rate it as a totally worthwile expense for starting or furthering your career in the IT industry. Invest in yourself.

Bradly

Training is coolEasy to enroll, instructors are enthusiastic and professionnal, technical stuff is very well explained.

JPM

I've been having concerns on how to start in terms of building my #cybercareer with a sustained path. So I got introduced to Cybrary and I was able to enroll and startup early last week and I have gone through two sessions, getting to know Cybrary and also a view of what cybersecurity is from their perspective. That gave me an overall view of what jobs are found in the space, their general responsibilities, required skills, necessary certifications and their average salary pay... Cybrary has given me a greater reason to pursue my hearts desire at all cost.

Jamal O.
Student

Thanks to Cybrary I'm now a more complete professional! Everyone in [the] cybersecurity area should consider enrollment in any Cybrary courses.

João S.
IT Administrator - CISSP

The interviewer said the certifications and training I had completed on my own time showed that I was a quick learner, and they gave me a job offer.

Justin B.
IT Specialist

Our partnership with Cybrary has given us the opportunity to provide world-class training materials at no cost to our clients, thanks to the funding we’ve received from the government. Cybrary offers a proven method for building a more skilled cybersecurity workforce.

Katie Adams
Senior Director

All of the knowledge, skills, and abilities gained through the program were essential to me impressing the employer during the interview.

Gabby H.
Senior Security Analyst

Cybrary is a one-stop-shop for my cybersecurity learning needs. Courses on vulnerability management, threat intelligence, and SIEM solutions were key for my early roles. As I grow into leadership roles influencing business policy, I’m confident Cybrary will continue developing the knowledge and skills I need to succeed.

No Name
Senior Cybersecurity Consultant and Virtual CISO

After tens of minutes, I proudly have achieved my certificate of continuing education for Intro to Infosec... Doing everything I can to avoid retaking the CISSP test! Thanks Cybrary - 1 CPE at a time!

Alex H.

We’ve had six students this summer, all with different schedules, so we’ve been trying to balance their learning experience with some practical work. It’s not like they’re all sitting in a classroom at the same time, so the ability for them to learn at their own pace without any additional support has probably been the biggest benefit of using Cybrary.

Collin Ricker
Business Development Manager

Just finished the third out of four MITRE ATT&CK Defender courses on Cybrary... If anyone is interested in learning how to do ATT&CK based SOC assessments I would definitely recommend this course. The best part is that it is FREE!

Eric T.
AWS Certified Cloud Practitioner

Excellent new series of courses from Cybrary, each course covers a different CVE, demonstrates vulnerability and its mitigation.

Raul C.
Cybersecurity Specialist

I've successfully completed the career path provided by Cybrary to become a SOC Analyst - Level 2. Eventually, do what you love, and do it well - that's much more meaningful than any metric.

Wissal Ayari
SOC Analyst

Cybrary is helping me proactively build skills and advance my career. Labs put concepts immediately into practice, reinforcing the content (and saving me time not having to spin up my own VM). Career paths lay everything out clearly, so I know what skills to prioritize.

No Name
Enterprise Analyst

I got a job as a cybersecurity analyst at Radware with a salary I've never even dreamed about AND with no prior experience.

Alexei Z.
Cybersecurity Analyst

Thank you to Cybrary for providing this opportunity to complete the Cybrary Orientation Certification program with such sleekness and detail-oriented learning.

Ganesh Y.

So far I have really been enjoying Cybrary's SOC Analyst Training, it has been very informative. I just finished up with the command line section and now I'm on to the more fun stuff (Malware Analysis). I think it's so dope that platforms like this exist. This is a game changer.

Tobias Castleberry
SOC Analyst, Security+ Certified

I decided to check out Cybrary and the courses they had to offer after seeing a few posts from people who had completed their courses. I'm happy to say that their instructors are knowledgeable and clear, and their course catalogues are extensive and offer relevant career path courses.

Nazli S.
AWS Certified Cloud Practitioner

Glad to have discovered Cybrary they are such a great tool to use to help diversify your knowledge through lessons, assessments and practices. All compact[ed] into highly detailed and informative chunks of information. Feeling very content with the results.

Temi B.
Cisco Certified Network Associate

Well, it took a long time, yet I struggled hard to complete the course "Become a SOC Analyst - Level 2" by Cybrary. Cybrary is the best platform that I have ever come across. Tons of virtual labs, great in-depth insights from the experts, and the best career path/learning modules.

Madiraju Pranay Kashyap
Programmar Analyst Trainee

I am currently working in a restaurant and going to school full time. But it is not stopping me from working on gaining more and more skills. I have already spent more than 30 hours on Become a SOC Analyst level 1 [with] Cybrary and still have 67 hours to go.

Abibou F.
SOC Analyst Level 1 Learner