In this talk, you'll learn about common IaC risks and best practices for securing infrastructure at scale using policy-as-code in both in build-time and run-time.

Attacking wireless networks is one of the main tasks during a red team exercise. The Aircrack-ng suite is a framework for WiFi security assessments. In this course, we cover how to get initial access on wireless networks using the Aircrack-ng tool.

Gophish is an open source phishing tool written in the Go programming language for use by businesses and penetration testers to test for phishing awareness in their organization. In this course, you will learn Initial Access using Gophish.

King Phisher is a feature-rich tool for coordinating and monitoring successful phishing campaigns to further red teaming objectives towards initial access. In this course, you will learn initial access using King Phisher.

Malicious office documents are an effective way to gain an initial foothold into a network. In this course, you will learn how to use Luckystrike to create custom malicious office documents, manage multiple payloads, and utilize custom templates.

sqlmap is a powerful automation tool for identifying and exploiting SQL injection flaws. Add another tool to your toolbox by using sqlmap to exfiltrate data and gain initial access.

In this course, you will learn how to gain that crucial initial access using a hardware device called a Bash Bunny. You will explore how to leverage Human Interface Device (HID) emulation to compromise targets, and how to write your own scripts to create custom payloads.

During a red team exercise, getting access to the internal network is one of your first tasks. In this course, we cover the WiFi-Pumpkin tool, which allows you to create rogue access points with fake captive portals.

This course will teach you about the inherent risks with leveraging open source libraries and components in your solutions, and how you can mitigate those risks using a software composition analysis tool, called WhiteSource Bolt, to scan your code.

HashiCorp Vault is a cloud-agnostic tool providing Secrets life-cycle management. This course will teach you the fundamentals of using HashiCorp Vault and how to install and configure a production instance.

This course will teach you how to install the Active Directory Certificate Services role on Windows Server 2019 and how to manage the certificates and templates that you create.

The more you make use of Vault, the more value you’ll generate from it. This course will teach you how to integrate Vault with a wealth of DevOps tools and workflows.