What about this course?
We turn the tools over to you and walk through the lab environment to show how to use the most current exploits and ways to defend against them.
INE's world-class IT trainingInstructor for this course
INE Instructor
This course is composed by the following modules
Apache APISIX RCE (CVE-2022-24112)
Apache CouchDB Remote Privilege Escalation (CVE-2022-24706)
Apache Spark Shell Command Injection (CVE-2022-33891)
Authorization Bypass in RegexRequestMatcher (CVE-2022-22978)
Cuppa CMS LFI (CVE-2022-34121)
Dirty Pipe (CVE-2022-0847)
Elementor (CVE-2022-29455)
EJS - Server-Side Template Injection (CVE-2022-29078)
ExifTool Command Injection (CVE-2022-23935)
GeoServer (JT-Jiffle) Deserialization RCE (CVE-2022-24847)
HPRMS IDOR (CVE-2022-22296)
MasterStudy Unauthenticated Admin Account Creation (CVE-2022-0441)
MyBB Admin Control Code Injection RCE (CVE-2022-24734)
OpenSSL Command Injection (CVE-2022-1292)
phpMyAdmin XSS (CVE-2022-23808)
PluXml RCE (CVE-2022-25018)
Redis Sandbox Escape (CVE-2022-0543)
Roxy-WI Unauthenticated Remote Code Executions (CVE-2022-31126)
Sourcegraph gitserver sshCommand RCE (CVE-2022-23642)
Spring4Shell Vulnerability Walkthrough
Spring4Shell (CVE-2022-22965)
Spring Cloud Function SpEL Injection (CVE-2022-22963)
Spring Cloud Gateway Actuator API SpEL Code Injection (CVE-2022-22947)
Strapi (CVE-2022–32114)
Webmin Broken Access Control RCE (CVE-2022-0824)
Webmin File Manager Privilege Exploit (CVE-2022-0824)
Webmin Software Package Updates RCE (CVE-2022-36446)
Zip Slip (CVE-2022-21675)
ZoneMinder Language Settings Remote Code Execution (CVE-2022-29806)
Adminer Arbitrary File Read (CVE-2021-43008)
Adminer SSRF (CVE-2021-21311)
Apache Druid RCE (CVE-2021-25646)
Baron Samedit (CVE-2021-3156)
Cassandra UDF RCE (CVE-2021-44521)
Elementor (CVE-2021-24891)
elFinder Zip Arguments Injection (CVE-2021-32682)
ForgeRock / OpenAM Jato Java Deserialization (CVE-2021-35464)
GitLab Unauthenticated Remote ExifTool Command Injection (CVE-2021-22204)
Grafana Path Traversal (CVE-2021-43798)
GravCMS Remote Command Execution (CVE-2021-21425)
GeoServer Host Header Injection to SSRF (CVE-2021-40822)
Jetty Information Disclosure (CVE-2021-28164)
LimeSurvey RCE (CVE-2021-44967)
Log4j Exploitation Walkthrough
Log4j (CVE-2021–44228) Vulnerability
Microsoft OMI Bypass (CVE-2021-38647)
Moodle SpellChecker Path Authenticated Remote Command Execution (CVE-2021-21809)
Nameko Deserialization RCE (CVE-2021-41078)
Open Distro for Elasticsearch SSRF (CVE-2021-31828)
PrintNightmare (CVE-2021-34527)
Prometheus Open Redirect (CVE-2021-29622)
PwnKit (CVE-2021-4034)
VSCode RCE (CVE-2021-43908)
Wordpress Plugin Backup Guard RCE (CVE-2021-24155)
Wordpress Plugin SP Project and Document Manager RCE (CVE-2021-38315)
(CVE-2021-42013)
(CVE-2021-41773)
Aerospike Database UDF Lua Code Execution (CVE-2020-13151)
Apache Airflow 'Example DAG' Remote Code Execution (CVE-2020-11978)
Apache Flink RCE (CVE-2020-17519)
Cockpit CMS RCE (CVE-2020-35846)
Git LFS RCE (CVE-2020-27955)
Gitea Git Hooks RCE (CVE-2020-14144)
GitLab File Read Remote Code Execution (CVE-2020-10977)
Gogs Git Hooks Remote Code Execution (CVE-2020-15867)
Horde CSV Code Execution (CVE-2020-8518)
Moodle Teacher Enrollment Privilege Escalation to RCE (CVE-2020-14321)
PlaySMS Unauthenticated Template Injection (CVE-2020-8644)
qdPM Authenticated Remote Code Execution (CVE-2020-7246)
SaltStack Salt REST API Command Execution (CVE-2020-16846)
SaltStack Salt Unauthenticated RCE (CVE-2020-11651)
SuiteCRM Log File Remote Code Execution (CVE-2020-28328)
Tomcat Ghost (CVE-2020-1938)
wpDiscuz Unauthenticated RCE (CVE-2020-24186)
Chocobo Root (CVE-2016-8655)
Drupalgeddon 2 (CVE-2018-7600)
HTTPoxy (CVE-2016-5385)
ImageTragick (CVE-2016-3714)
LibSSH Auth Bypass (CVE-2018-10933)
phpMyAdmin 4.8.1 RCE (CVE-2018-12613)
PHuiP-FPizdaM (CVE-2019-11043)
Samba Cry (CVE-2017-7494)
Shellshock Vulnerability (CVE-2014-7169)
The Return of the WIZard (CVE-2019-10149)
WannaCry Ransomware (CVE-2017-0143)
Common Course Questions
If you have a question you don’t see on this list, please visit our Frequently Asked Questions page by clicking the button below.
If you’d prefer getting in touch with one of our experts, we encourage you to call one of the numbers above or fill out our contact form.
Do you offer training for all student levels?
Are the training videos downloadable?
I only want to purchase access to one training course, not all of them, is this possible?
Are there any fees or penalties if I want to cancel my subscription?
