Close
Training
CMD+CTRL Base Camp
SI-CSC Certification
Courses
Overview
Features
Learning Paths
Course Catalog
Customer Success
Try it
Labs
Cyber Range
Overview
Environments & Modes
Reporting
Customer Success
Get Started
Try it
|
Lab Journey series
Try it
|
Take the AppSec Challenge
Services
Overview
Software Penetration Testing
IoT Pen Testing
Mobile Pen Testing
Cloud & Web Penetration Testing
Blockchain Pen Testing
Our Difference
Application Security Consulting
Secure SDLC (SSDLC) Consulting
Application Security Code Review
Architecture & Design Review
Medical Device Threat Modeling
Infrastructure Security Consulting
Attack Simulation
Cloud Security Configuration
Security Tabletop Consulting
Solutions
Cloud & Web
Mobile
IoT & Embedded
Blockchain
Resources
Ed TALKS
White Papers, Tipsheets, & Case Studies
Webinars
About Us
Company Overview
20 Years of Innovation
Closing the Skills Gap
Diversity, Equity & Inclusion
Clients
Leadership
Careers
News & Events
Contact
Let’s Talk
Request a Demo
We’re Hiring
Blog
Course Catalog
Request a Demo
We’re Hiring
Blog
Course Catalog
Training
CMD+CTRL Base Camp
SI-CSC Certification
Courses
Overview
Features
Learning Paths
Course Catalog
Customer Success
Try it
Labs
Cyber Range
Overview
Environments & Modes
Reporting
Customer Success
Get Started
Try it
|
Lab Journey series
Try it
|
Take the AppSec Challenge
Services
Overview
Software Penetration Testing
IoT Pen Testing
Mobile Pen Testing
Cloud & Web Penetration Testing
Blockchain Pen Testing
Our Difference
Application Security Consulting
Secure SDLC (SSDLC) Consulting
Application Security Code Review
Architecture & Design Review
Medical Device Threat Modeling
Infrastructure Security Consulting
Attack Simulation
Cloud Security Configuration
Security Tabletop Consulting
Solutions
Cloud & Web
Mobile
IoT & Embedded
Blockchain
Resources
Ed TALKS
White Papers, Tipsheets, & Case Studies
Webinars
About Us
Company Overview
20 Years of Innovation
Closing the Skills Gap
Diversity, Equity & Inclusion
Clients
Leadership
Careers
News & Events
Contact
Let’s Talk
Course Catalog
/
Subject
/
MITRE ATT&CK
MITRE ATT&CK
View All Courses
Download Course Catalog
CYB 250 – Cyber Threat Hunting: Tactics, Techniques, and Procedures (TTP)
20 Minutes
Advanced
DES 232 – Mitigating OWASP 2021 Injection
12 Minutes
Advanced
LAB 111 – Identifying Server-Side Request Forgery
5 Minutes
Advanced
LAB 124 – Identifying Horizontal Privilege Escalation
5 Minutes
Advanced
LAB 125 – Identifying Buffer Overflow
5 Minutes
Advanced
LAB 126 – Identifying Information Leakage
5 Minutes
Advanced
LAB 131 – Identifying Improper Restriction of XML External Entity Reference
5 Minutes
Elective
LAB 132 – Identifying Exposed Services
5 Minutes
Elective
LAB 133 – Identifying Exposure of Sensitive Information Through Environmental Variables
5 Minutes
LAB 134 – Identifying Plaintext Storage of a Password
5 Minutes
LAB 135 – Identifying URL Redirection to Untrusted Site
5 Minutes
LAB 136 – Identifying Improper Neutralization of Script in Attributes in a Web Page
5 Minutes
LAB 137 – Identifying Improper Authorization (NEW)
5 Minutes
Advanced
LAB 139 – Identifying Use of a Key Past its Expiration Date (NEW)
5 Minutes
Advanced
LAB 211 – Defending Java Applications Against Credentials in Code Medium
10 Minutes
Advanced
LAB 212 – Defending Python Applications Against Credentials in Code Medium
10 Minutes
Advanced
LAB 213 – Defending Node.js Applications Against Credentials in Code Medium
10 Minutes
Advanced
LAB 214 – Defending C# Applications Against Credentials in Code Medium
10 Minutes
Advanced
LAB 215 – Defending Java Applications Against Business Logic Error for Input Validation
10 Minutes
Advanced
LAB 216 – Defending Python Applications Against Business Logic Error for Input Validation
10 Minutes
Advanced
LAB 217 – Defending Node.js Applications Against Business Logic Error for Input Validation
10 Minutes
Advanced
LAB 218 – Defending C# Applications Against Business Logic Error for Input Validation
10 Minutes
Advanced
LAB 224 – Defending Java Applications Against Forceful Browsing
10 Minutes
Advanced
LAB 225 – Defending Python Applications Against Forceful Browsing
10 Minutes
Advanced
LAB 226 – Defending Node.js Applications Against Forceful Browsing
10 Minutes
Advanced
LAB 227 – Defending C# Applications Against Forceful Browsing
10 Minutes
Advanced
LAB 310 – ATT&CK: File and Directory Permissions Modification
12 Minutes
Elite
LAB 311 – ATT&CK: File and Directory Discovery
12 Minutes
Elite
LAB 312 – ATT&CK: Testing for Network Services Identification (NEW)
12 Minutes
Elite
LAB 313 – ATT&CK: Testing for Vulnerability Identification Using Vulnerability Databases (NEW)
12 Minutes
Elite
LAB 315 – ATT&CK: Updating Vulnerable Java Web Application Server Software
12 Minutes
Elite
LAB 321 – ATT&CK: Password Cracking
5 Minutes
Elite
LAB 322 – ATT&CK: Exploiting Windows File Sharing Server with External Remote Services
20 Minutes
Elite
LAB 323 – ATT&CK: Exploiting Vulnerable Java Web Application Server Software
12 Minutes
Elite
LAB 324 – ATT&CK: Exploiting Java Web Application Server Misconfiguration
12 Minutes
Elite
LAB 330 – ATT&CK: Exploiting Java SQL Injection to Extract Password Hashes
15 Minutes
Elite
LAB 331 – ATT&CK: Network Service Discovery
12 Minutes
Elite
LAB 332 – ATT&CK: Network Share Discovery
12 Minutes
Elite
LAB 334 – ATT&CK: Create Account
12 Minutes
Elite
LAB 335 – ATT&CK: Unsecured Credentials
12 Minutes
Elite
LAB 336 – ATT&CK: Data from Local System
12 Minutes
Elite
LAB 337 – ATT&CK: Valid Accounts
12 Minutes
Elite