Browse the Full Catalog
Cybrary has the fastest growing, fastest moving catalog - We publish new content weekly! Learn at your own pace - with flexible learning, you can build your skills whenever, wherever.
The content and tools you need to build real-world skills
Rapidly develop your skills via an integrated, and engaging learning
experience on the Cybrary platform.
On-Demand Video Training
Expert instructed from industry leaders
Virtual Labs
Hands on experience to apply and reinforce newly learned skills
Practice Exams
Prepare for industry certifications
Assessments
Gauge your skill development and see real-time progress
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Systems Security Certified Practitioner (SSCP)
Obtaining your SSCP certification signifies that you possess the ability to tackle the operational demands and responsibilities of security practitioners, including authentication, security testing, intrusion detection/prevention, incident response and recovery, attacks and countermeasures, cryptography, malicious code countermeasures, and more.
CompTIA CySA+ (CS0-002)
The CompTIA Cybersecurity Analyst (CySA+ CS0-002) certification prepares you to identify and combat malware, advanced persistent threats (APTs), and other attacks that threaten an organization’s security. Enroll now to gain hands-on training as you build your skills in threat and vulnerability management, incident response, and more.
CompTIA IT Fundamentals
This CompTIA IT Fundamentals course is aimed at people considering a career change to IT. The course will prepare you to take the CompTIA IT Fundamentals certification exam. If you are new to IT this course is prerequisite knowledge that allows you to tackle the more advanced A+ and Network+ CompTIA certifications that many IT professionals hold.
CertNexus Cybersec First Responder
Prepare for the CertNexus Cybersec First Responder (CFR-410) exam! If you're an IT professional seeking to enhance your response to events involving networking, application security, and cloud environments, then this course is for you. Gain insights on zero-day exploit identification, log management, and more.
CISM Certification Course & Training
A CISM certification shows you have an all-around technical competence and an understanding of the business objectives around data security. Our CISM training helps you understand the core concepts required of a security manager, and prepare you for the CISM exam. There are no prereqs for this course, but the exam requires five years of experience.
AZ 900 Azure Fundamentals Certification Course & Training
This Microsoft Azure Fundamentals (AZ-900) course is designed to prepare non-technical professionals to use cloud-based solutions and services such as computing, storage, networking and security to power their organization’s processes. This course is an excellent way to prepare for the AZ-900 certification exam. No prerequisites required!
AZ-305 Designing Microsoft Azure Infrastructure Solutions
Take your cloud architect career to the next level with this advanced AZ-305 course, where you will learn to design infrastructure solutions in Microsoft Azure. Learn best practices related to governance, application-architecture, storage, data integration, and more. You will use case studies to determine the best solution for a given scenario.
AZ-500 Microsoft Azure Security Technologies
Azure security engineers are responsible for protecting against vulnerabilities, implementing threat protection, and responding to incident escalations. In this AZ-500 course, you will learn the cloud-based security skills needed to protect hybrid environments. This course also prepares you for the AZ-500 certification exam.
CompTIA CASP+ (CAS-004)
Established IT professionals can level up by obtaining their CompTIA Advanced Security Practitioner CAS-004 CASP+ certification. Stand out among your peers with this CASP training that covers enterprise security, risk management, applied cryptography, system and network security, identity management, incident response, and emerging technologies.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
CompTIA
Cyber Defense Analyst
Career Path
Entry Popular
Practitioner Popular
SOC Analyst, Level 1 Certification Prep, Training & Courses
A Security Operations Center Analyst (SOC Analyst) stands as a front line of defense against the ever present cyber threats faced by organizations today. A SOC team ensures an organization’s digital assets remain secure and protected from unauthorized access by monitoring and responding to massive amounts of data in record time. In this role, you will protect your organization’s infrastructure by monitoring data to identify suspicious activity, then mitigating risks before a breach occurs. Cybrary's Become a SOC Analyst - Level 1 career path will equip you to break into the field with skills aligned to the US National Institute of Standards and Technology's Cyber Defense Analyst NICE work role.
Leadership and Management
Manager Popular
Leadership and Management
Manager Popular
Career Path
Entry Popular
Foundations
IT Foundations
Learn the foundational IT concepts essential to all cybersecurity roles, and stop wasting time trying to figure out where to get started. Too many beginners get discouraged navigating unreliable, outdated, and irrelevant information, making it feel impossible to know how to move forward. That’s why we’ve curated this IT foundations course, featuring thoughtful, bite-sized content from expert instructors who have helped thousands of other beginners grasp essential IT topics. Get ready to take your first steps into cybersecurity by diving into core IT concepts needed for any cybersecurity role.
Career Path
Entry Popular
Foundations
Cybersecurity Foundations
Get everything you need to start your cybersecurity career journey, and stop wasting your time (and money) sorting through unreliable information from questionable sources. While the industry offers very lucrative career opportunities, finding accurate, relevant information to break into the field can be incredibly frustrating. That’s why we’ve crafted this foundational course, with curated content from expert instructors covering core concepts found across all cybersecurity roles. Build practical skills and gain confidence as you begin your cybersecurity journey.
CompTIA A+
CompTIA Linux+
Microsoft 365 Fundamentals (MS-900)
CompTIA
Microsoft
System Administrator Certification, Training & Career Path
The System Administrator Career Path is the perfect starting point for professionals with little background in IT or cybersecurity. Build your foundation of knowledge, skills, and abilities that will launch you into your next industry position.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Defensive Security and Cyber Risk
In this course, you will learn the basics of defensive security and cyber risk. You will review foundational risk management concepts such as calculating risk and strategies for dealing with risk. You will also explore the NIST CSF as a framework for understanding defensive security.
SC-300 Microsoft Identity and Access Administrator
Learn to design, implement, and operate your organization’s identity and access management (IAM) systems by using Microsoft Azure Active Directory, part of Microsoft Entra. As an IAM admin, you'll collaborate with many other roles to drive strategic identity projects, modernize identity solutions, and implement identity governance.
SC-200 Microsoft Security Operations Analyst
Learn to reduce risk by rapidly remediating active attacks in your environment, advising on improvements to threat protection practices, and referring policy violations to appropriate stakeholders. You will get the most out of this course if you are familiar with Microsoft 365, Azure cloud services, and Windows and Linux operating systems.
Check Point Jump Start: Quantum Spark Network Security
The Check Point Quantum Spark 1500 Pro security gateway family delivers enterprise-grade security in a series of simple and affordable, all-in-one security solutions to protect small business employees, networks, and data from cyber-theft. This course is suitable for new learners with no prior experience with Check Point Network Security products.
Careers In Cybersecurity
Getting started in cybersecurity can be tough, and the number of careers seems endless. This course will get you hands-on with six of the most common cybersecurity roles, including penetration tester, digital forensics, cloud security, governance, security analyst, and security engineer. Decide which career is right for you today!
Penetration Testing and Ethical Hacking
To assess the strength of your organization’s cybersecurity posture, you need to gather information, perform scanning and enumeration, and show how an adversary could hack into your systems. This ethical hacking course will give you those skills and prepare you for related certification exams so you can prove your capabilities.
CIS Critical Security Control 5: Account Management
Welcome to our course series on CIS Top 18 Critical Security Controls v8. In this course covering control 5: Account Management, you'll learn best practices for establishing group policies for complex and unique passwords for users. Plus, gain hands-on experience with disabling dormant accounts and centralizing account management.
CIS Critical Security Control 7: Continuous Vulnerability Management
Welcome to our course series on CIS Top 18 Critical Security Controls v8. In this course covering control 7: Continuous Vulnerability Management, you'll demonstrate how to configure a repository for Linux servers and configure a Windows System Update Service for a domain controller. Get hands-on with automated OS and application patch management!
Cybrary Challenges
Cybrary Challenge: Motor Mayhem
In this challenge, you will take on a CAN Bus challenge by analyzing a CAN Bus dump file. The Controller Area Network (CAN bus) is a message-based protocol found in the automobiles that we use today. Every action of the car is recorded into this dump file. This allows us to read vehicle operations such as turn signals and other vehicle operations.
Cybrary Challenges
Cybrary Challenges
Challenge: Memory Mysteries
In this challenge, you will take on a memory forensics challenge by analyzing a dump file. Memory forensics is an important piece of evidence when conducting a forensics investigation. Unique insights such as network connections and injected processes can be found through memory analysis.
Cybrary Challenges
Cybrary Challenges
Cybrary Challenges
Cybrary Challenges
Challenge: Between Two Numbers
In this challenge, you will take on a reverse engineering challenge by analyzing a binary file. Malicious attackers will always use malware or custom binary files to execute their goals. The goal is to show from an analyst point of view (POV) how to do basic file analysis.
Cybrary Challenges
Challenge: Saving A Fellow Spy
You will take on a cryptography challenge in this challenge by decrypting intercepted encrypted messages. Malicious attackers use cryptography to their advantage for attacks and remaining undetected. The goal is to show how attackers can effortlessly embed data within messages to hide their activity.
Cybrary Challenges
Challenge: Space Mission
In this challenge, you will take on a cryptography challenge by decrypting intercepted encrypted messages. Malicious attackers use cryptography to their advantage for attacks and remaining undetected. The goal is to show how attackers can effortlessly embed data within messages to hide their activity.
Cybrary Challenges
Challenge: A Message Within A Message
In this challenge, you will take on a cryptography challenge by decrypting intercepted encrypted messages. Malicious attackers use cryptography to their advantage for attacks and remaining undetected. The goal is to show how attackers can effortlessly embed data within messages to hide their activity.
Cybrary Challenges
Challenge: Don't Believe What You Hear
In this challenge, you will take on a Steganography challenge identifying embedded data within an audio file. Malicious attackers use Steganography for attacks such as macro-enabled Word documents, to conceal covert communication, and more. The goal is to show how attackers can effortlessly embed data within files to hide their activity.
Cybrary Challenges
Challenge: Chatting with ChatGPT
In this challenge, we will take a different approach and dive into the world of AI technology. By completing this challenge, you will learn more about ChatGPT, how it works, its capabilities, and its limitations. As cybersecurity professionals, it is essential to adapt to the ever-changing technology and security landscape.
Cybrary Challenges
Challenge: Saving a Fellow Monster
In this challenge, you will take on a Steganography challenge identifying embedded data within an image. Malicious attackers use Steganography for attacks such as macro-enabled Word documents, to conceal covert communication, and more. The goal is to show how attackers can effortlessly embed data within files to hide their activity.
Cybrary Challenges
Challenge: Gobble Gobble Conceal & Deceive
In this challenge, you will take on a Steganography challenge identifying embedded data within an image. Malicious attackers use Steganography for attacks such as macro-enabled Word documents, to conceal covert communication, and more. The goal is to show how attackers can effortlessly embed data within files to hide their activity.
Cybrary Challenges
Cybrary Challenges
Cybrary Challenges
Challenge: For the Rebellion or the Empire
This challenge will have you analyze traditional Registry artifacts to identify unauthorized activity. The goal is to see from a blue teamer's point of view the actions an unauthorized user may take on a victim's system when there are inadequate security controls in place.
Cybrary Challenges
Challenge: Update B4 It's 2Late
National Cybersecurity Awareness Month has four themes; the last being 'Update Your Software.' This challenge will have you analyze a log and identify a web application attack. The goal is to piece together the narrative from the suspicious requests and understand how attacks like these can happen when you do not update your software.
Cybrary Challenges
Challenge: MFA ... All Day Every Day
National Cybersecurity Awareness Month has several themes, one of which is Multi-Factor Authentication (MFA). This MFA challenge will have you analyze a log and identify the potential MFA attack. The goal is to review suspicious requests and identify how MFA can be attacked in real-world use cases.
Cybrary Challenges
Challenge: Password123
National Cybersecurity Awareness Month has several themes, one of which is Password Complexity Awareness. This password challenge will have you analyze a password and validate if it is secure. The goal is to attempt to crack a password and gain hands-on skills to evaluate the importance of password complexity for real-world use cases.
Cybrary Challenges
Challenge: Teach a Person to Phish
National Cybersecurity Awareness Month has several themes, one of which is Phishing Awareness. This phishing challenge will have you analyze a real phish caught in the wild! The goal is to identify exactly why it was flagged as a phish and gain hands-on skills to validate a suspicious email!
Cybrary Challenges
Challenge: Episode II - Attack of the Encoders
Adversaries commonly use encoding, encryption, and hashing to obscure their scripts and attacks. As a CTF player, you will need to analyze alerts and uncover the true nature of a suspicious string embedded in a file. Can you help figure out what it’s trying to say?
Cybrary Challenges
Cybrary Challenges
Challenge: The Base(64)ics
Threat actors commonly use legitimate tools in nefarious ways. As a CTF player, you’ll need to find creative ways to uncover these types of tactics. While evaluating a recent alert in your EDR, you’ve come across a weird string at the end of a powershell command. Can you help figure out what it’s trying to say?
Cybrary Challenges
Challenge: Spiny Shell
You receive an alert about a suspicious command execution on a Windows endpoint. Early analysis suggests PowerShell has not locked down appropriately. Can you validate if anything malicious is underway? Now that you have some basic information discovered, dive deeper into the suspicious command to identify the attacker's infrastructure and setup!
CVE Series
CVE Series: WinRar Vulnerability (CVE-2023-38831)
WinRAR, a popular 1990s file archiver still used by 500 millions users worldwide, suffers from a high severity Remote Code Execution (RCE) vulnerability. In this course you’ll be putting on your Red Team hat to create your own malicious file and gain control of the victim’s computer by leveraging this CVE!
CVE Series
CVE Series: Openfire (CVE-2023-32315)
If you're a cybersecurity practitioner who wants to know more about how to exploit and defend against CVE-2023-32315 (Openfire Path Traversal to RCE), you won't want to miss this course. You will identify the vulnerability, exploit it, and mitigate it in a hands-on, secure lab environment. Don't let Openfire catch you off guard.
CVE Series
CVE Series: Dirty Pipe (CVE-2022-0847)
Dirty Pipe (CVE-2022-0847) is the most critical vulnerability to impact Linux distributions in years. By exploiting this local kernel flaw, adversaries can quickly escalate privileges and even gain root access. Exploit and mitigate this vulnerability in this hands-on course that gives you the skills you need to protect your organization.
CVE Series
CVE Series: noPac (CVE-2021-42278 and CVE-2021-42287)
Ready to defend your organization against the critical noPac double vulnerability (CVE-2021-42278 and CVE-2021-42287) that can lead to advanced privilege escalation on Windows systems? Get ahead of the curve in this hands-on course that allows you to both exploit and mitigate this vulnerability with potentially significant, far-reaching impacts.
CVE Series
CVE Series: Polkit (CVE-2021-4034)
The Polkit vulnerability (CVE-2021-4034) is a critical vulnerability impacting every major Linux distribution. Its attack vector allows privilege escalation and can even give the attacker root access. Exploit and mitigate this vulnerability in this hands-on course that gives you the skills you need to protect your organization.
CVE Series
CVE Series: Log4J (CVE-2021-44228)
The Log4J vulnerability (CVE-2021-44228) took the world by storm in late 2021. Do you have what it takes to exploit and mitigate this critical vulnerability that experts say had the biggest global impact since Shellshock? Find out in this course, where you'll put your defensive and pen testing skills to the ultimate test in a virtual lab.
CVE Series
CVE Series: InstallerFileTakeOver (CVE-2021-41379)
InstallerFileTakeOver (CVE-2021-36934) is a Windows elevation of privilege vulnerability that emerged in late 2021 and could allow a threat actor to acquire elevated SYSTEM-level access. You will exploit this vulnerability in a virtual lab environment and learn how to mitigate it so you can protect your organization.
CVE Series
CVE Series: MSHTML Vulnerability (CVE-2021-40444)
The MSHTML Windows remote code execution vulnerability (CVE-2021-40444) identified in September 2021 could allow a threat actor to execute code on a victim’s machine. In this advanced course, you will exploit and mitigate this vulnerability in a secure lab environment, giving you the skills you need to protect your organization.
CVE Series
CVE Series: HiveNightmare (CVE-2021-36934)
HiveNightmare (CVE-2021-36934) is a serious vulnerability that gives threat actors access to sensitive data in the Windows Registry. Don't get stung by HiveNightmare. Get hands-on experience mitigating and exploiting this vulnerability in a secure lab environment by taking this course today.
CVE Series
CVE Series: PrintNightmare (CVE-2021-1675 and CVE-2021-34527)
PrintNightmare (CVE-2021-1675 and CVE-2021-34527) is a critical vulnerability in the Windows Print Spooler service running on almost every Windows operating system. Dive into a hands-on lab and course where you will exploit and mitigate the vulnerability. Don't get caught unaware by PrintNightmare.
CVE Series
CVE Series: Ghostcat (CVE-2020-1938)
If you're a cybersecurity practitioner who wants to know more about how to exploit and defend against Ghostcat (CVE-2020-1938), the you won't want to miss this course. You will identify the vulnerability, exploit it, and even mitigate it in a hands-on, secure lab environment. Don't let Ghostcat catch you off guard.
CVE Series
CVE Series: F5 BIG-IP (CVE-2022-1388)
The BIG-IP iControl REST vulnerability (CVE-2022-1388) is a critical flaw that allows unauthenticated attackers to execute system root-level commands remotely. This vulnerability was given a CVSS score of 9.8 due to how easy it is to exploit and the level of access it grants attackers. Learn how to exploit and mitigate this vulnerability today!
CVE Series
CVE Series
CVE Series: Atlassian Bitbucket Command Injection (CVE-2022-36804)
The Atlassian Bitbucket command injection flaw (CVE-2022-36804) is a remote, unauthenticated, command injection vulnerability affecting application programming interface (API) endpoints in Bitbucket Server and Data Center. Stop an attacker from stealing sensitive information or installing malware as you exploit and mitigate this vulnerability!
CVE Series
CVE Series: Grafana Directory Traversal (CVE-2021-43798)
The Grafana Directory Traversal vulnerability (CVE-2021-43798) is a critical arbitrary file reading vulnerability impacting global Grafana servers and has been exploited in the wild. Take this course to learn how to exploit and mitigate this vulnerability!
CVE Series
CVE Series: Blind NoSQL Injection (CVE-2021-22911)
The Blind NoSQL Injection vulnerability (CVE-2021-22911) is a critical flaw impacting Rocket.Chat servers across the globe and has been known to be exploited in the wild. Stop an adversary from potentially executing commands on a victim system by learning how to exploit and mitigate this vulnerability!
CVE Series
CVE Series: Apache HTTPD (CVE-2021-42013)
The Apache HTTPD vulnerability (CVE-2021-42013) is a critical flaw impacting servers across the globe. This vulnerability gives an attacker the ability to enumerate a system and execute commands on the victim system if exploited. Exploit and mitigate the vulnerability in a secure lab environment!
CVE Series
CVE Series: Apache Spark (CVE-2022-33891)
Apache Spark is the biggest open-source project used for large-scale data processing and machine learning. Companies love it for its fast speed and ease of use. But a security flaw allows an adversary to just add a shell command to the URI to perform an arbitrary shell command execution. Exploit this flaw today using two attack vectors!
CVE Series
CVE Series: Django (CVE-2022-34265)
Django is a Python-based web framework design for fast, easy application creation. Popular apps like Instagram and Clubhouse use Django, but are you prepared to exploit and mitigate the high-risk Django flaw (CVE-2022-34265) that leaves applications vulnerable to SQL injection attacks? Put your pentest skills to the test in our course!
CVE Series
CVE Series: Follina (CVE-2022-30190)
The Follina exploit (CVE-2022-30190) is a Windows Remote Code Execution (RCE) vulnerability that could allow a threat actor to acquire an initial level of access after a successful phishing attack. Take our course to gain the skills you need to identify the vulnerability, detect it, and mitigate it (with current best knowledge).
CVE Series
CVE Series: Confluence RCE (CVE-2022-26134)
CVE-2022-26134 is an Object-Graph Navigation Language (OGNL) injection flaw impacting Atlassian Confluence & Data Center software. Leveraging this remote code injection (RCE) flaw, adversaries can execute arbitrary code on a server. Atlassian tools are popular with more remote work, so mitigation is key. Exploit, detect, & mitigate this flaw!
CVE Series
CVE Series: OpenSSL Infinite Loop (CVE-2022-0778)
The OpenSSL infinite loop vulnerability (CVE-2022-0778) is a critical flaw impacting systems running OpenSSL versions 1.0.2, 1.1.1 and 3.0. If exploited, this vulnerability allows adversaries to perform a denial-of-service (DOS) attack. Take our course to exploit this vulnerability in a secure lab environment.
CVE Series
CVE Series: Redis (CVE-2022-0543)
The Redis vulnerability (CVE-2022-0543) is a critical flaw impacting Linux systems across the globe. By exploiting this vulnerability, any user can remotely execute commands as a root user on a system. Take our course to exploit and mitigate the vulnerability in a secure lab environment, giving you the skills you need to protect your organization.
CVE Series
CVE Series: Spring4Shell (CVE-2022-22965)
Spring4Shell (CVE-2022-22965) is a critical Remote Code Execution (RCE) vulnerability affecting Spring, a common application framework library used by Java developers. You will exploit and mitigate this vulnerability in a virtual lab, giving you the skills you need to “Spring” into action and protect your organization!
Threat Actor Campaigns
Royal Ransomware Group
Royal is a spin-off group of Conti, which first emerged in January of 2022. The group consists of veterans of the ransomware industry and brings more advanced capabilities and TTPs against their victims. Begin this campaign to learn how to detect and protect against this newer APT group!
Threat Actor Campaigns
Threat Actor Campaigns
Raspberry Robin
Raspberry Robin is a malware family that continues to be manipulated by several different threat groups for their purposes. These threat actors (Clop, LockBit, and Evil Corp) specialize in establishing persistence on a compromised host and creating remote connections to use later. Once established, these C2 connections can be used for multiple purposes, including data exfiltration, espionage, and even further exploitation.
Threat Actor Campaigns
Double Trouble with Double Dragon
Advanced Persistent Threats (APTs) conduct state-sponsored cyberattacks that can radically disrupt global business operations. Launch this campaign to start detecting sophisticated techniques leveraged by APT41, known as "Double Dragon" because they cause double trouble with both espionage and financially-motivated attacks!
Threat Actor Campaigns
Weak Link in the Supply Chain
Threat actors known as Advanced Persistent Threats (APTs) conduct highly sophisticated attacks sponsored by nation-states. They maintain a committment to stealth and often use custom malware. This campaign emulates a supply chain attack by APT29 that is similar to the SolarWinds compromise and it has the end goal of stealing sensitive information.
Threat Actor Campaigns
Spinning a Web Shell for Initial Access
Certain threat actors specialize in targeting vulnerable web servers and gain initial access by exploiting public-facing applications. Then they act as access brokers for ransomware gangs. Such campaigns highlight the need to protect against known vulnerabilities. Understanding these techniques is key to protecting your organization.
Threat Actor Campaigns
Exfiltration and Extortion
Threat actors will use stolen data exfiltrated from victim systems to extort organizations. Once they gain a foothold, they delete critical system files and threaten to release the data or disrupt operations if the victims do not pay up. Understanding these techniques is vital to defending your organization from such attacks.
Threat Actor Campaigns
Ransomware for Financial Gain
Threat actors continue to leverage ransomware to extort victim organizations. What was once a simple scheme to encrypt target data has expanded to include data disclosure and targeting a victim’s clients or suppliers. Understanding the techniques threat actors use in these attacks is vital to having an effective detection and mitigation strategy.
Instructors
Industry Seasoned. Cybrary Trained. Our instructors are current industry professionals trained by Cybrary to ensure consistency in quality and content.