CVE Series: noPac (CVE-2021-42278 and CVE-2021-42287)

Who should take this course?

Our noPac double vulnerability (CVE-2021-42278 and CVE-2021-42287) course is designed for anyone defensive and offensive security professionals. Penetration testers, red teamers, security and vulnerability analysts, and system administrators can take this course to learn how to protect against this critical vulnerability impacting enterprise systems or to exploit the vulnerability in their own testing activities.

Why should I take this course?

Following in the footsteps of both the Polkit and Log4j vulnerabilities, the noPac combined vulnerability is powerful and dangerous. In December 2021, the public exploit for noPac was released, which merged two Microsoft Active Directory design flaws. Attackers can exploit CVE-2021-42287, a privilege escalation flaw, as well as CVE-2021-42278, a security bypass vulnerability, to quickly gain access to a compromised system's domain controller in a matter of seconds. When exploited, adversaries can leverage noPac to escalate privileges to impersonate a domain administrator, where they can initiate a ransomware or domain takeover attack.

It is important to patch this double vulnerability as soon as possible, because it has put many systems at risk. Our course discusses the official patch, as well as additional methods for mitigating and preventing exploitation of the vulnerability that depend on your system preferences. Gain hands-on experience with exploiting and mitigating this vulnerability in a secure virtual lab environment, giving you the skills you need to protect your organization.

What makes this course different from other courses on similar topics?

This course specifically covers a critical vulnerability that could affect your organization. By the end of this course, you will be able to:

• Define the noPac vulnerability, describe its root cause, and communicate its significance to key organizational stakeholders
• Exploit and mitigate the vulnerability using multiple different methods

This course is taught by Raymond Evans, a member of the CyDefe team. CyDefe develops and operates capture-the-flag (CTF) style environments, and this course focuses on presenting learners with virtual labs where you can dirctly apply what you've learned.

Why should I take this course on Cybrary and not somewhere else?

This on-demand course gives you the hands-on experience needed to protect and defend your organization against the new and dangerous noPac vulnerability that security researchers have yet to see the full impact of. In one hour, offensive and defensive security professionals can get ahead of the curve and be ready to defend their organization against what researchers are saying has the potential to be a significantly dangerous threat. In this course, you will see just how quick and easy it is to exploit this vulnerability from the perspective of an adversary. After completing your training, you will be able to not only exploit and mitigate this critical vulnerability, but also describe its significance to organizational stakeholders.

• noPac Exploitation
• Introduction and Background
• Identifying the noPac Attack
• Exploiting the noPac Attack
• noPac Mitigation
• Mitigating the noPac Attack