CVE Series: Polkit (CVE-2021-4034)

Course Description

Our Polkit vulnerability (CVE-2021-4034) course is designed for intermediate-level learners in either the defensive or offensive security spaces. Penetration testers, red teamers, security and vulnerability analysts, and system administrators can take this course to learn how to protect against this critical vulnerability impacting enterprise systems or to exploit the vulnerability in their own testing activities.

You should have a functional understanding of the Linux command line in order to execute key commands to exploit and mitigate this vulnerability in a virtual lab environment.

The Polkit vulnerability (CVE-2021-4034) is widespread and dangerous. Because of its ability to elevate the privileges of any user on a system, this vulnerability has earned a high CVSS score of 7.8. It depends upon a program installed by default on every major Linux distribution. Attackers can exploit this vulnerability to elevate their privileges on a victim system and even gain root access.

It is important to patch this vulnerability as soon as possible, because it has put many systems at risk. Our course discusses the official patch released on January 11th. The course also covers additional methods for mitigating and preventing exploitation of the vulnerability that depend on your system preferences. Gain hands-on experience with exploiting and mitigating this vulnerability in a secure virtual lab environment, giving you the skills you need to protect your organization.

This course specifically covers a critical vulnerability that could affect your organization. By the end of this course, you will be able to:

This course is taught by Raymond Evans, a member of the CyDefe team. CyDefe develops and operates capture-the-flag (CTF) style environments, and this course focuses on presenting learners with virtual labs where you can dirctly apply what you’ve learned.

This on-demand course gives you the hands-on experience needed to protect and defend your organization against the new and dangerous Polkit vulnerability (CVE-2021-4034). In one hour, offensive and defensive security professionals will be able to see just how easy it is to exploit this vulnerability from the perspective of an adversary. After completing your training, you will be able to not only exploit and mitigate this critical vulnerability, but also describe its significance to organizational stakeholders.

Define the Polkit vulnerability, describe its root cause, and communicate its significance to key organizational stakeholders

Exploit the vulnerability with publicly available exploit code

This on-demand course gives you the hands-on experience needed to protect and defend your organization against the new and dangerous Polkit vulnerability (CVE-2021-4034). In one hour, offensive and defensive security professionals will be able to see just how easy it is to exploit this vulnerability from the perspective of an adversary. After completing your training, you will be able to not only exploit and mitigate this critical vulnerability, but also describe its significance to organizational stakeholders.

Module 1: Polkit Vulnerability Exploitation

Module 2: Polkit Vulnerability Mitigation