Skill Dive for Deeper Understanding
Pentester Academy is now Skill Dive, a secure, risk-free environment to put into practice what you’ve learned from traditional training. Expanded focus areas include: networking, cybersecurity, and cloud.
Dive InNew and Popular in Skill Dive
ProfessionalDeploying Cisco Collaboration Solutions
Elevate your Cisco collaboration skills with this curated collection that goes beyond the learning path. Meticulously designed for networking professionals aiming to excel in Cisco...
NoviceNuclei Security & Vulnerabilities
Nuclei Security Labs present a suite of interactive labs focusing on enhancing security practices in web applications using Nuclei, a cutting-edge vulnerability scanning tool. These labs are designed to provide real-world, hands-on experiences in identifying, exploiting, and mitigating a range of web vulnerabilities using Nuclei's extensive template library and custom fuzzing techniques. The labs cover a broad spectrum of activities from basic vulnerability detection to advanced topics like custom template creation and integrating Nuclei into CI/CD pipelines, making them ideal for both novices and experienced cybersecurity professionals.
ProfessionalAzure Active Directory Pentesting
In today's complex cybersecurity landscape, it is crucial for organizations to be aware of potential threats and vulnerabilities to strengthen their defenses against malicious attacks. Several techniques have been identified that target Azure Active Directory (Azure AD), Microsoft's cloud-based identity and access management service. Understanding these techniques is essential for defenders to implement robust security measures and protect their systems and enables them to fortify their defenses and protect Azure AD, thereby ensuring the security of sensitive information and user identities.
NoviceCar Hacking
Car hacking labs consist of a series of scenarios crafted for educational purposes, providing a hands-on experience to learn, understand and get started with car hacking. These labs provide a structured learning environment with practical modules covering crucial aspects such as CAN bus analysis, firmware reverse engineering. The key highlight is the incorporation of a simulation environment and tools, allowing participants to understand car hacking concepts without real-world risks.
Top CVEs
NoviceXZ Backdoor
The XZ Backdoor, also known as CVE-2024-3094, is a security vulnerability that affects systems using the XZ compression algorithm. This backdoor allows an attacker to execute arbitrary code or gain unauthorized access to a system. It's categorized as a critical vulnerability because it can potentially lead to serious security breaches and compromise the integrity of the affected systems. If you're responsible for system security, it's crucial to patch affected systems promptly to mitigate the risk posed by this vulnerability.
ProfessionalActiveMQ RCE
In 2023, a vulnerability was discovered in ActiveMQ: a Remote Code Execution (RCE) vulnerability. Remote Code Execution (RCE) refers to a security vulnerability that allows an attacker to execute arbitrary code on a target system from a remote location. This type of vulnerability can have serious consequences, as it enables unauthorized individuals to take control of a system, execute malicious commands, and potentially compromise the integrity, confidentiality, and availability of data and services.
ProfessionalOwnCloud AuthBypass
In 2023, a vulnerability was discovered in ownCloud, specifically, an issue related to Authentication Bypass. Authentication bypass refers to a security vulnerability or exploit that allows a user to gain access to a system or resource without providing the required authentication credentials. The affected OwnCloud versions ranging from core 10.6.0 to 10.13.0. The vulnerability was discovered by ambionics. Ambionics is a subsidiary of LEXFO, an independent firm with expertise in offensive security.
ProfessionalCalibre Arbitrary File Read
Calibre is a cross-platform free and open-source suite of e-book software. Calibre supports organizing existing e-books into virtual libraries, displaying, editing, creating and converting e-books, as well as syncing e-books with a variety of e-readers. Editing books is supported for EPUB and AZW3 formats. Books in other formats like MOBI must first be converted to those formats if they are to be edited. Calibre also has a large collection of community-contributed plugins.
What's in Skill Dive?
Cybersecurity
Collections + Labs
ProfessionalSecure Coding Defense
Designed for developers and security enthusiasts alike, this collection offers invaluable insights into fortifying applications against the most prevalent vulnerabilities. Engage with real-world scenarios across diverse frameworks, from .Net to Flask to Node.js, and master the art of writing safe, secure code. Each lab hones your skills, equipping you to preemptively recognize and remedy security threats. In a digital era where the integrity of code can make or break systems, arm yourself with the best defense: knowledge.
20 HANDS-ON LABS
AdvancedBlue Team Defender: Securing Systems
In the vast world of cybersecurity, defense is a nuanced art. This collection hones in on strategies and techniques for bolstering the security of various systems and services. From web applications like Wordpress and Joomla to servers such as Apache, Nginx, and MSSQL, delve into a comprehensive guide that addresses multiple layers of digital protection. It's not just about identifying vulnerabilities; it's about fortifying against them. Navigate through these labs and elevate your skills as a true blue team defender.
35 HANDS-ON LABSNoviceNuclei Security & Vulnerabilities
Nuclei Security Labs present a suite of interactive labs focusing on enhancing security practices in web applications using Nuclei, a cutting-edge vulnerability scanning tool. These labs are designed to provide real-world, hands-on experiences in identifying, exploiting, and mitigating a range of web vulnerabilities using Nuclei's extensive template library and custom fuzzing techniques. The labs cover a broad spectrum of activities from basic vulnerability detection to advanced topics like custom template creation and integrating Nuclei into CI/CD pipelines, making them ideal for both novices and experienced cybersecurity professionals.
9 HANDS-ON LABS
Networking
Collections + Labs
ProfessionalIP Services Fundamentals
The IP Services Fundamentals collection provides hands-on labs to master essential IP services. Dive into a comprehensive exploration of topics such as Network Address Translation (NAT), HSRP, NTP, Telnet, FTP, and more. Gain practical experience configuring and managing various IP services that are crucial for maintaining network connectivity, security, and reliability. Whether you're looking to enhance your networking skills or ensure the effective functioning of IP services in your network environment, this collection equips you with the knowledge and expertise needed to succeed. This collection is designed for network administrators and IT professionals.
27 HANDS-ON LABSProfessionalOSPF Security & Filtering
Diving into the realm of OSPF, this collection provides a comprehensive exploration of security measures and filtering techniques. Participants will discover the intricacies of both internal and external summarization, and they'll learn about various OSPF areas, from stubs to not-so-stubby configurations, understanding their unique characteristics and purposes. The nuances of LSA Type-3 filtering, Forwarding Address Suppression, and various OSPF authentication methods, including MD5 and SHA, come into focus. Additionally, labs on distribute-lists, route-maps, and database filtering illuminate the importance of accurate OSPF configurations for robust network security. This set of labs is a must for networking professionals keen on strengthening their OSPF security knowledge.
23 HANDS-ON LABSAdvancedAdvanced Routing
Explore On-Demand Routing (ODR), GRE Tunneling, policy routing, and more. Through hands-on labs, you'll gain practical insights into configuring and optimizing routing mechanisms, including backup interfaces, tunneling, and specialized routing scenarios. Expand your skills in managing complex network architectures and implementing advanced routing strategies to optimize traffic flow, redundancy, and routing decisions. Designed for experienced networking professionals, this advanced routing collection will help enhance your expertise in routing topics.
10 HANDS-ON LABS
Cloud
Collections + Labs
AdvancedAzure Compute Exploits & Mitigations
Gain a deep understanding of the vulnerabilities associated with Azure's compute services and the effective countermeasures to address them. This set of labs provides insights into risks like unencrypted virtual machine data, XML external entities, and misconfigured function permissions, among others. With a focus on Azure-specific features such as Container Registries, App Services, and Virtual Machines, the significance of both exploiting and safeguarding Managed System Identities is also detailed. Ideal for cybersecurity professionals engaged with Azure, this set is pivotal for enhancing security in Azure-based platforms.
18 HANDS-ON LABSProfessionalAWS Core Security & Identity
Explore the intricacies of securing AWS's critical components, with a concentrated focus on Identity and Access Management (IAM). Participants will explore common vulnerabilities related to IAM configurations, dive into misconfigured trust policies, learn about the implications of overly permissive permissions, and understand the dangers of certain policy combinations. The labs also cover the potential security risks associated with passing IAM roles to various AWS services like Lambda, EC2, and CloudFormation. This collection is best suited for cloud security professionals, AWS users, and those looking to deepen their understanding of IAM-related vulnerabilities and best practices in AWS environments.
19 HANDS-ON LABSNoviceGoogle Cloud Platform (GCP) Fundamentals
Explore the foundations of Google's Cloud Platform (GCP) with this select collection. Get hands-on experience deploying applications on Google Cloud Run, and creating and managing storage buckets using both Terraform and the GCP Console. Dive into virtual environment setups using Google Deployment Manager, Terraform, and the GCP Console. Further your skills by establishing serverless operations with Cloud Functions via Terraform and the native GCP interface. This collection is tailored for enthusiasts aiming to master the rudiments of GCP and efficiently set up scalable cloud solutions.
8 HANDS-ON LABSHow Does Skill Dive Fit into a Training Program?
Practice: Dive deep into exclusive Lab Collections, specifically curated to challenge your skills and reinforce your understanding.
Ready to Dive In?
Experience the power of Skill Dive and solidify your IT training through practical practice.
Get Started with Skill Dive
