ＨｉｄｅＺｅｒｏＯｎｅ

Welcome to the Governance, Risk, and Compliance (GRC) Analyst Master Class. This class assumes no prior background knowledge and is setup to give you a full scope understanding and the practical skills needed to be an effective GRC Analyst.

Cybersecurity workforce development is focused on red team and blue team skills, but GRC is terribly underserved for training.

This course fills that gap by offering practical application of risk, audit, policy development, and security awareness skills needed for modern GRC analysts.

Detection Engineering for Beginners teaches core concepts and skills to start thinking and working as a Detection Engineer!

This course will first teach the theory behind security operations and detection engineering. We’ll then start building out our home lab using VirtualBox and Elastic’s security offering. Then we’ll run through three different attack scenarios, each more complex than the one prior. We’ll make detections off of our attacks, and learn how to document our detections. Next we’ll dive more into coding and Python by writing validation scripts and learning out to interact with Elastic through their API. Wrapping everything up, we’ll host all our detections on GitHub and sync with Elastic through our own GitHub Action automations. As a cherry on top, we’ll have a final section on how to write scripts to gather important metrics and visualizations.

The objective of this course is to show students how to perform a full digital forensic investigation of a Windows system in a complete DIY setup.

The course covers a full digital forensic investigation of a Windows system. It begins with the simple preparation of our lab, which consists of setting up a “victim” VM and a forensic workstation. We’ll then run an attack simulation script on the victim VM that simulates attack patterns as commonly observed by threat actors in the industry to create a realistic setting for our investigation. From there, we’ll kick off the forensic process, beginning with the data collection, examination and extraction before diving deeper into the analysis of the information at hand.

This specialized and comprehensive course is designed to provide an in-depth understanding of cybersecurity practices, with a focus on ethical hacking techniques to safeguard digital infrastructure. Through a series of detailed modules, participants will delve into modern security architectures, learn how to set up and manage phishing simulations using tools like GoPhish, bypass multi-factor authentication with Evilginx, and explore advanced phishing and vishing strategies. The curriculum also covers essential setup procedures for domain and email registration, configurations for AWS EC2 instances, and the use of SMS phishing (smishing) for security testing. Furthermore, the course emphasizes the importance of reporting, documentation, and ethical considerations in cybersecurity operations.

Welcome to this course on Practical Web Hacking. This course follows on from the Practical Bug Bounty course and will take you deeper into the world of finding and exploiting vulnerabilities in web applications. It’s recommended that you have completed the Practical Bug Bounty course or at least one year’s worth of experience in hacking web applications before you take this course. In this course, you will develop a deeper understanding of how web attacks work, learn to craft custom payloads and build a methodology for finding and exploiting more complex vulnerabilities.

Practical Web Application Security and Testing is an entry-level course on web application technologies, security considerations for web application development, and the web application penetration testing process. We begin with the basics of HTTP, servers, and clients, before moving through the OWASP Top 10 on our way to a full demonstration penetration test. We also cover the reporting process for web application assessments, so you’re prepared not only to conduct security assessments on web applications but also clearly and effectively communicate your findings.