Category: Cybr

Learn how to use sqlmap in-depth for professional engagements like pentests or bug bounties. sqlmap is the most powerful and widely used SQL injection tool, and for good reason. It packs an impressive array of features and options specifically crafted to fingerprint, enumerate, and take over databases as well as underlying systems. In this course, we take a look at all of that. We start by looking at the sqlmap project, including how the source code repository is structured, where to find important files such as configuration and payload files, and how to set up a home lab environment to safely and legally practice what we’re learning. Then, we explore every single option that sqlmap offers with examples and explanations of how and when to use the option(s). We learn tips & tricks to see what sqlmap is doing under the hood and to troubleshoot when we come across issues. Once we’ve covered sqlmap’s options and features, we tie it all together by running through scenarios. This is when we get to see how those options can be used together or on their own to achieve our pentest or bug bounty objectives. The course also includes sections dedicated to specific topics such as bypassing WAFs and evading security controls, and how to run sqlmap as an API.

Read more

In this hands-on course, you’ll learn how to use Terraform to securely deploy resources on AWS using Infrastructure as Code (IaC). Guided by instructors with experience running Terraform in production, we’ll take you step-by-step from zero prior Terraform knowledge to confidently writing infrastructure as code and deploying production-ready AWS resources securely.

Read more

Learn what Amazon S3 is, how it works, and how to protect your data. This course will show you how to create and configure buckets, upload and access objects, avoid common security misconfigurations (some of which have resulted in massive breaches), and run regular automated scans with open source tools to discover issues. You’ll also learn to think like an attacker to find weaknesses that could potentially be exploited. The course was designed to provide a heavy dose of hands-on, practical learning with a mixture of taking action through the console, CLI, and roles.

Read more

Learn how to use IAM Roles like the pros. This course answers questions like:

  • What are IAM roles and how are they different from users?
  • When should you use roles, and how?
  • What are the differences between trust policies, managed policies, and inline policies?
  • What’s an effective way to assume roles?
  • How does role chaining work? How does cross-account access work?
  • What is IAM Roles Anywhere and how does it work?
  • What are service-linked roles, and how are they different from service roles?
  • What are the security implications of using roles?

Read more

Learn hands-on how to exploit AWS cloud misconfigurations and build practical skills with step-by-step walkthroughs, labs, and CTFs. CloudGoat enables you to deploy vulnerable-by-design AWS scenarios in your own environments, although we will be providing a couple of those scenarios as 1-click deploy 🧪 Cybr Hands-On Labs if you would rather not use your own environments. Not all of the scenarios will be available with our labs due to how vulnerable they are.

Read more

This course covers Microsoft Defender for Cloud, a cloud-native application protection platform (CNAPP) that provides security posture management and workload protection for Azure, AWS, GCP, and on-premises environments. You’ll learn to configure security policies, implement compliance frameworks like NIST 800-53, protect various workloads including VMs, containers, and storage accounts, and automate incident response using Logic Apps and workflow automation.

Read more