CVE Series: Log4J (CVE-2021-44228)

Course Description

Our Log4J vulnerability (CVE-2021-44228) course is designed for intermediate-level learners in either the defensive or offensive security spaces. Offensive security professionals, SOC analysts, and system administrators can take this course to learn how to protect against this critical vulnerability impacting enterprise systems or to exploit the vulnerability in their own testing activities.

You should have a functional understanding of Apache Log4J and how it is used in many systems, as well as basic knowledge of Java as a programming language and functional knowledge of web applications.

The Log4J vulnerability (CVE-2021-44228) has been labeled by security experts as one of the most serious and far-reaching vulnerabilities of all time, with the highest possible CVSS criticality score of 10. This is because the open-source, Java-based Apache Log4J software is widely used among large and small organizations for routine log management in many applications and systems. With the Log4J vulnerability (CVE-2021-44228), threat actors can exploit the software to initiate a Remote Code Execution (RCE), data leakage, or Denial-of-Service (DoS) attack. Adversaries can also take advantage of the vulnerability to more effectively and efficiently launch other cyberattacks. Our course shows you how to exploit and mitigate this vulnerability in a secure virtual lab environment, giving you the skills you need to protect your organization.

This course specifically covers a critical vulnerability that could affect your organization. In an interesting twist, the course uses the exploit as part of the mitigation. There are two instructors for this course. Clint Kehr is a technical manager for a financial services company’s Responsible Disclosure Team, where he interacts with ethical hackers who find vulnerabilities in the company’s infrastructure. Clint is a former Special Agent with the Department of Justice where he specialized in internet investigations and conducted numerous cases on cyber threat actors on the surface, deep, and dark web, resulting in Clint earning the Attorney General’s Distinguished Service Award. Matt Mullins is a seasoned professional in offensive security with over a decade of experience where he has worked in medical, financial, and government spaces. Matt has led multiple Red Team engagements, ranging from a few weeks to a year and covering multiple security domains. Outside of Red Teaming, Matt is also a seasoned penetration tester with interests in: AppSec, OSINT, Hardware, Wifi, Social Engineering, and Physical Security.

Our Log4J vulnerability (CVE-2021-44228) course enables you to learn from the foremost experts in the field and ensures your readiness to recognize and mitigate this CVE. Defenders will know how to protect their organization against this vulnerability. Offensive teams will be able to exploit this vulnerability. Our on-demand format affords you the flexibility to learn at your own pace.

Our Log4J vulnerability (CVE-2021-44228) course enables you to learn from the foremost experts in the field and ensures your readiness to recognize and mitigate this CVE. Defenders will know how to protect their organization against this vulnerability. Offensive teams will be able to exploit this vulnerability. Our on-demand format affords you the flexibility to learn at your own pace.

Module 1: Log4J Vulnerability Exploitation

Module 2: Log4J Vulnerability Mitigation