YoVDO

CVE Series: Redis (CVE-2022-0543)

Offered By: Cybrary

Tags

Redis Courses Cybersecurity Courses Penetration Testing Courses System Administration Courses Security Analysis Courses

Course Description

Overview

Who should take this course?

This course is for seasoned red teamers, penetration testers, security and vulnerability assessment analysts, and system administrators who want to know how to exploit and protect against the latest vulnerabilities impacting enterprise systems.

Why take this course?

Redis, or Remote Dictionary Server, is an open-source, NoSQL in-memory data structure store that has gained considerable popularity among developers due to its fast performance. In January 2022, security researcher Reginaldo Silva discovered a vulnerability that allows for a Lua scripting engine sandbox escape on Debian and Debian-derived Linux distros running Redis. As a result of this package variable flaw, adversaries can access a system remotely, bypass security access policies or controls, and execute arbitrary commands on the host server. Due to the severity of the vulnerability, CVE-2022-0543 has earned the highest possible CVSS score of 10.0. Get hands-on experience exploiting this vulnerability in a secure virtual lab and develop the skills you need to protect your environment.

What makes this course different from other courses on similar topics?

After completing this course, you will be able to:

  • Explain what the Redis sandbox escape vulnerability is and which CVEs are associated with the vulnerability.

  • Identify the Redis CVE-2022-0543 vulnerability and its root cause, detect exploits, and determine if your organization is impacted by this Lua sandbox escape flaw.

  • Communicate the potential impact to stakeholders across your organization.

  • Exploit this vulnerability using publicly available exploit code.

  • Execute various mitigation tactics to reduce risk.

  • Remediate this vulnerability on Debian-derived Linux distributions running Redis.

  • Share effective exploitation and mitigation strategies.

This course is taught by Raymond Evans, a member of the CyDefe team. CyDefe develops and operates capture-the-flag (CTF) style environments, and this course focuses on presenting learners with virtual labs where you can dirctly apply what you've learned.

Why should I take this course on Cybrary and not somewhere else?

This on-demand course gives you the hands-on experience needed to protect and defend your organization against the critical vulnerability. In one hour, offensive and defensive security professionals can become more prepared to defend their organization against a dangerous vulnerability impacting both Debian and Ubuntu Linux distributions. In this course, you will see just how quick and easy it is to exploit this vulnerability from the perspective of an adversary. You will be able to not only exploit and mitigate this critical vulnerability, but also describe its significance to organizational stakeholders.


Syllabus

  • Redis Vulnerability Exploitation
    • Introduction and Background
    • Identifying the Redis Vulnerability
    • Exploiting the Redis Vulnerability
  • Redis Vulnerability Mitigation
    • Mitigating the Redis Vulnerability

Taught by

Raymond Evans

Related Courses

Security Principles
(ISC)² via Coursera
A Strategic Approach to Cybersecurity
University of Maryland, College Park via Coursera
FinTech for Finance and Business Leaders
ACCA via edX
Access Control Concepts
(ISC)² via Coursera
Access Controls
(ISC)² via Coursera