ＨｉｄｅＺｅｒｏＯｎｅ

This is a large, hands-on IoT security course that takes you across the entire connected-device stack and then teaches you how to defend it. It mirrors its title: a hacking half that goes on the offensive across hardware, firmware, networks, radio, mobile apps, and the cloud, followed by a hardening half that maps a concrete defense back to every attack you learn.

Tenable Nessus is a powerful vulnerability scanner that helps you identify and fix security issues in your network, web applications, cloud infrastructure, and more. With Nessus, you can:

• Scan your IT assets for thousands of known and emerging vulnerabilities, with low false positives and high accuracy.
• Audit your systems for compliance with industry standards and best practices, such as PCI DSS, CIS Benchmarks, NIST, and more.
• Discover and assess your internet-exposed attack surface, including web applications, domains, certificates, and cloud assets.
• Leverage advanced features such as web application scanning, external attack surface scanning, cloud infrastructure scanning, and custom policies.

Tired of theoretical phishing courses? This is the definitive, hands-on training for penetration testers and red team operators who need to move beyond theory and execute realistic, effective phishing campaigns against modern, hardened targets. In this course, you won’t just learn about phishing—you’ll build, launch, and manage full-scale campaigns using industry-standard tools like GoPhish and the powerful Evilginx framework, learning to bypass Multi-Factor Authentication (MFA) and common email defenses.

The cloud is the new network. Modern enterprises are running on Amazon Web Services (AWS), and security professionals need to master the unique attack surface it presents. If you’re a pentester, bug bounty hunter, or security engineer ready to conquer the cloud, this course is for you. This course is a comprehensive, hands-on journey into the world of AWS penetration testing. You’ll move past theory to build, configure, and exploit real-world cloud vulnerabilities in a safe, controlled lab environment using industry-standard tools like Pacu and CloudGoat.

A professional, lab-driven training program that moves you from fundamentals to full-scale C2 operations — with hosted labs, instructor demos, real-world workflows, quizzes, and a capstone that proves you can execute the entire attack lifecycle. This course is geared towards beginners who are interested in working with their first C2. If you already have experience with Sliver C2, you likely will not find this course beneficial.

API hacking expert, Dr. Katie Paxton-Fear AKA InsiderPhD, takes you far beyond her Free Upskill Challenges on the basics of APIs to be your personal guide on learning the hands-on skills needed in today’s competitive job market. This fully interactive course is the ultimate guide to hacking APIs! From discovering API endpoints to using Burp and Postman, Katie covers the entire OWASP API Top 10 from entry point to exploit.

Attacking Active Directory with Linux (LinuxAD) is a training environment and playground. Students get access to a dedicated lab setup (not shared with other students). The lab contains a Linux-based machine to execute attacks and a target AD setup. The target AD is a fully patched AD environment with all Server 2019 machines.