Browse the Full Catalog

In this CompTIA PenTest+: Tools and Code Analysis course, you will learn about scripting and software development, how to analyze a script or code sample for use in a penetration test and use cases of different tools during the phases of the penetration test.

In this CompTIA PenTest+: Reporting and Communication course, you will learn about the components of written reports, how to analyze findings and recommend remediation and post-report delivery activities.

In this CompTIA PenTest+: Attacks and Exploits course, you will learn about network attacks, wireless attacks, application-based attacks, and post-exploitation techniques.

In this CompTIA PenTest+: Information Gathering and Vulnerability Scanning course, you will learn about active and passive reconnaissance and vulnerability scanning.

In this CompTIA PenTest+: Planning and Scoping course, you will learn about governance, risk, and compliance concepts, scoping and organizational/customer requirements, and the ethical hacking mindset.

The Microsoft Azure Fundamentals practice test by CyberVista helps you prepare for and pass the Microsoft AZ-900 exam, which requires learners to demonstrate foundational level knowledge of Azure cloud services and how those services are provided. AZ-900 is for non-technical users, or those who have some involvement with cloud based solutions.

In this AZ-900: Azure Management and Governance course you will learn about cost management in Azure, how to deploy Azure resources using PowerShell and Azure CLI, and monitoring tools within Azure.

In this AZ-900: Azure Architecture and Services course you will learn about Azure Compute and networking services, Azure storage, and understanding Azure identity, access, and security.

In this AZ-900: Cloud Concepts course you will learn about the benefits of cloud computing and understanding cloud service types.

In this challenge by Learn On Demand Systems, you will deploy an Azure virtual machine by using a modified Azure Resource Manager quickstart template. Next, you will configure Azure Cloud Shell, and then you will deploy a virtual machine by using Azure PowerShell commands. Finally, you will deploy a virtual machine by using Azure CLI 2.0 commands.

Gain hands-on experience using the Azure Functions service to create a function app that will start document processing when a file is uploaded to Azure storage. Lab activities include: creating a function app, creating a function that is triggered by blob storage and outputs a storage queue message, and testing the app by uploading a document.

The Microsoft Azure Security Technologies practice test by CyberVista helps you prepare for and pass the Microsoft AZ-500 exam, which requires learners to demonstrate knowledge of scripting and automation, networking, virtualization, cloud capabilities, Azure products and services, and other Microsoft products and services.

In this lab, you will control costs related to Azure resources. First, you will review the options on the Subscriptions page in the Azure portal. Next, you will review the Azure cost management options. Finally, you will create a cost management budget and alert.

‍

In this challenge, you will create and configure a network security group. First, you will create a network security group. Next, you will associate the network security group to a subnet. Finally, you will add security rules to the network security group.

In this Challenge Lab, you will manage users, groups, and administrative units in Microsoft Entra ID. Prerequisite Lab: Microsoft Identity and Access Administrator (Prerequisite Lab)

In this lab, you will deploy and manage Azure virtual machines. First, you will deploy a Windows virtual machine, and then you will view the properties of an existing virtual machine to understand which properties can be managed.

Gain hands-on experience protecting Microsoft Azure resources from modification and deletion. Lab activities include: applying locks to an Azure resource, testing the locks, applying a lock to a resource group, and testing the inheritance of the lock.

Gain hands-on experience protecting your Azure virtual network from distributed denial of service (DDoS) attacks. Lab activities include: creating an Azure DDoS protection plan, creating and configuring an Azure virtual network, and associating the Azure DDoS protection plan to your Azure virtual network.

Gain hands-on experience developing an Azure Logic App using messaging services. Azure Logic Apps are used to increase scale and portability while automating business-critical workflows. Lab activities include: deploying a logic app and testing the Logic App by consuming queue messages.

In this lab, you will gain hands-on experience with running Azure PowerShell cmdlets and command-line interface (CLI) 2.0 commands. First, you will be tasked with configuring Azure Cloud Shell for first-time use and utilize PowerShell cmdlets to create a virtual network. Finally, you will use CLI 2.0 commands to create a virtual network.

Get control of your cloud sprawl by grouping assets with similar purposes, lifecycles, and update requirements using Azure Resource Groups. Walk through a real-world scenario in this lab to see how Azure Resource Groups can help you get control of your cloud environment.

In this AZ-500: Manage Security Operations course, you will learn logging and monitoring in Azure, Microsoft Defender for Cloud, and Azure Sentinel.

In this AZ-500: Secure Compute, Storage, and Databases course, you will learn about managing keys and certificates in Azure, Azure Storage Securty, and Azure SQL.

In this AZ-500: Secure Networking course, you will learn about Azure Firewall, host security, and deploying and securing AKS.

In this AZ-500: Manage Identity and Access course, you will learn about accessing and securing Azure solutions with Azure Active Director, implementing identity protection with conditional access and multi-factor authentication, and priviliged identity management.

In this hands-on challenge, you will practice researching log events related to a reported spearphishing attack.

In this hands-on challenge, you will practice researching network observables.

In this hands-on challenge, you will practice analyzing log events related to Windows authentication.

In this hands-on challenge, you practice profiling a suspicious process on a Windows system.

In this hands-on challenge, you will practice using SIEM search expressions to locate suspicious activity related to XRDP traffic.

CVE-2024-23897 is a critical security flaw affecting Jenkins, a Java-based open-source automation server widely used for application building, testing, and deployment. It allows unauthorized access to files through the Jenkins integrated command line interface (CLI), potentially leading to remote code execution (RCE).

In this hands-on challenge, you will practice using SIEM search expressions to locate suspicious activity related to XRDP traffic.

CVE-2023-27524 is a critical vulnerability in Apache Superset, affecting versions up to 2.0.1. It enables attackers to bypass authentication by exploiting weak or default SECRET_KEY values. Attackers can forge session cookies to gain admin access, leading to potential remote code execution and unauthorized data access.

‍

Confluence suffers from a Broken Access Control vulnerability that affects Data Center and Server versions 8.0.0 to 8.3.2, 8.4.0 to 8.4.2, and 8.5.0 to 8.5.1. Threat actors exploit this vulnerability to obtain administrator access to Confluence servers. Put on your Red Team hat to create your own malicious admin account leveraging this CVE!

Royal is a spin-off group of Conti, which first emerged in January of 2022. The group consists of veterans of the ransomware industry and brings more advanced capabilities and TTPs against their victims. Begin this campaign to learn how to detect and protect against this newer APT group!

Magic Hound (APT35) is an Iranian state-sponsored threat group that primarily targets organizations across various industries and geographic regions through cyber espionage. Launch this campaign to start detecting the sophisticated techniques leveraged by this threat group.

Raspberry Robin is a malware family that continues to be manipulated by several different threat groups for their purposes. These threat actors (Clop, LockBit, and Evil Corp) specialize in establishing persistence on a compromised host and creating remote connections to use later. Once established, these C2 connections can be used for multiple purposes, including data exfiltration, espionage, and even further exploitation.

Threat actors will use stolen data exfiltrated from victim systems to extort organizations. Once they gain a foothold, they delete critical system files and threaten to release the data or disrupt operations if the victims do not pay up. Understanding these techniques is vital to defending your organization from such attacks.

Threat actors continue to leverage ransomware to extort victim organizations. What was once a simple scheme to encrypt target data has expanded to include data disclosure and targeting a victim’s clients or suppliers. Understanding the techniques threat actors use in these attacks is vital to having an effective detection and mitigation strategy.