CVE Series: Log4J (CVE-2021-44228)
Offered By: Cybrary
Course Description
Overview
Who should take this course?
Our Log4J vulnerability (CVE-2021-44228) course is designed for intermediate-level learners in either the defensive or offensive security spaces. Offensive security professionals, SOC analysts, and system administrators can take this course to learn how to protect against this critical vulnerability impacting enterprise systems or to exploit the vulnerability in their own testing activities.
What are the prerequisites for this course?
You should have a functional understanding of Apache Log4J and how it is used in many systems, as well as basic knowledge of Java as a programming language and functional knowledge of web applications.
Why should I take this course?
The Log4J vulnerability (CVE-2021-44228) has been labeled by security experts as one of the most serious and far-reaching vulnerabilities of all time, with the highest possible CVSS criticality score of 10. This is because the open-source, Java-based Apache Log4J software is widely used among large and small organizations for routine log management in many applications and systems. With the Log4J vulnerability (CVE-2021-44228), threat actors can exploit the software to initiate a Remote Code Execution (RCE), data leakage, or Denial-of-Service (DoS) attack. Adversaries can also take advantage of the vulnerability to more effectively and efficiently launch other cyberattacks. Our course shows you how to exploit and mitigate this vulnerability in a secure virtual lab environment, giving you the skills you need to protect your organization.
What makes this course different from other courses on similar topics?
This course specifically covers a critical vulnerability that could affect your organization. In an interesting twist, the course uses the exploit as part of the mitigation. There are two instructors for this course. Clint Kehr is a technical manager for a financial services company’s Responsible Disclosure Team, where he interacts with ethical hackers who find vulnerabilities in the company’s infrastructure. Clint is a former Special Agent with the Department of Justice where he specialized in internet investigations and conducted numerous cases on cyber threat actors on the surface, deep, and dark web, resulting in Clint earning the Attorney General’s Distinguished Service Award. Matt Mullins is a seasoned professional in offensive security with over a decade of experience where he has worked in medical, financial, and government spaces. Matt has led multiple Red Team engagements, ranging from a few weeks to a year and covering multiple security domains. Outside of Red Teaming, Matt is also a seasoned penetration tester with interests in: AppSec, OSINT, Hardware, Wifi, Social Engineering, and Physical Security.
Why should I take this course on Cybrary and not somewhere else?
Our Log4J vulnerability (CVE-2021-44228) course enables you to learn from the foremost experts in the field and ensures your readiness to recognize and mitigate this CVE. Defenders will know how to protect their organization against this vulnerability. Offensive teams will be able to exploit this vulnerability. Our on-demand format affords you the flexibility to learn at your own pace.
Syllabus
- Log4J Vulnerability Exploitation
- Log4J Vulnerability Introduction and Background
- Identifying the Log4J Vulnerability
- Lab: Exploiting the Log4J Vulnerability
- Application of Use for Penetration Testers and Red Teamers
- Log4J Vulnerability Mitigation
- Root Cause and Mitigation
- Lab: Mitigate the Log4J Vulnerability
- Log4J Vulnerability Summary
Taught by
Clint Kehr and Matthew Mullins
Related Courses
A Beginner's Guide to Java ProgrammingPackt via FutureLearn A Simple Picture Storing App with Java and Android Studio
Coursera Project Network via Coursera Confluent Certified Developer for Apache Kafka (CCDAK)
A Cloud Guru JBoss EAP Administration
A Cloud Guru Advanced Data Structures in Java
University of California, San Diego via Coursera