What about this course?
We turn the tools over to you and walk through the lab environment to show how to use the most current exploits and ways to defend against them.

Instructor for this course
INE Instructor
This course is composed by the following modules
AeroCMS RCE (CVE-2022-27061)
Apache APISIX RCE (CVE-2022-24112)
Apache CouchDB Remote Privilege Escalation (CVE-2022-24706)
Apache Spark Shell Command Injection (CVE-2022-33891)
Authorization Bypass in RegexRequestMatcher (CVE-2022-22978)
Bludit XSS (CVE-2022-1590)
Cuppa CMS LFI (CVE-2022-34121)
Cuppa CMS RCE (CVE-2022-37190)
Dirty Pipe (CVE-2022-0847)
dotCMS File Upload RCE (CVE-2022-26352)
Elementor (CVE-2022-29455)
EJS - Server-Side Template Injection (CVE-2022-29078)
ExifTool Command Injection (CVE-2022-23935)
Flatpress RCE (CVE-2022-40048)
GeoServer (JT-Jiffle) Deserialization RCE (CVE-2022-24847)
GLPI PHP Code Injection (CVE-2022-35914)
Hotel Druid RCE (CVE-2022-22909)
HPRMS IDOR (CVE-2022-22296)
MasterStudy Unauthenticated Admin Account Creation (CVE-2022-0441)
MyBB Admin Control Code Injection RCE (CVE-2022-24734)
OpenCATS SQLi (CVE-2022-43020)
OpenCATS XSS (CVE-2022-43017)
OpenSSL Command Injection (CVE-2022-1292)
phpMyAdmin XSS (CVE-2022-23808)
PluXml RCE (CVE-2022-25018)
PluXml Thumbnail Path XSS (CVE-2022-25020)
Redis Sandbox Escape (CVE-2022-0543)
Roxy-WI Unauthenticated Remote Code Executions (CVE-2022-31126)
Sourcegraph gitserver sshCommand RCE (CVE-2022-23642)
Spring4Shell Vulnerability Walkthrough
Spring4Shell (CVE-2022-22965)
Spring Cloud Function SpEL Injection (CVE-2022-22963)
Spring Cloud Gateway Actuator API SpEL Code Injection (CVE-2022-22947)
Strapi (CVE-2022–32114)
SuiteCRM Auth RCE (CVE-2022-23940)
Total.js RCE (CVE-2022-44019)
Webmin Broken Access Control RCE (CVE-2022-0824)
Webmin File Manager Privilege Exploit (CVE-2022-0824)
Webmin Software Package Updates RCE (CVE-2022-36446)
Zip Slip (CVE-2022-21675)
ZoneMinder Language Settings Remote Code Execution (CVE-2022-29806)
Adminer Arbitrary File Read (CVE-2021-43008)
Adminer SSRF (CVE-2021-21311)
Apache Druid RCE (CVE-2021-25646)
Baron Samedit (CVE-2021-3156)
Bludit XSS (CVE-2021-45745)
Cassandra UDF RCE (CVE-2021-44521)
Chamilo LMS File Upload (CVE-2021-31933)
Elementor (CVE-2021-24891)
elFinder Zip Arguments Injection (CVE-2021-32682)
Flatcore RCE (CVE-2021-39608)
ForgeRock / OpenAM Jato Java Deserialization (CVE-2021-35464)
GetSimple RCE (CVE-2021-28976)
GitLab Unauthenticated Remote ExifTool Command Injection (CVE-2021-22204)
Grafana Path Traversal (CVE-2021-43798)
GravCMS Remote Command Execution (CVE-2021-21425)
GeoServer Host Header Injection to SSRF (CVE-2021-40822)
Jetty Information Disclosure (CVE-2021-28164)
Laravel Ignition RCE (CVE-2021-3129)
LimeSurvey RCE (CVE-2021-44967)
Log4j Exploitation Walkthrough
Log4j (CVE-2021–44228) Vulnerability
Lucee Arbitrary File Write (CVE-2021-21307)
Microsoft OMI Bypass (CVE-2021-38647)
Moodle SpellChecker Path Authenticated Remote Command Execution (CVE-2021-21809)
Nameko Deserialization RCE (CVE-2021-41078)
Open Distro for Elasticsearch SSRF (CVE-2021-31828)
PluXml Stored XSS (CVE-2021-38603)
PrintNightmare (CVE-2021-34527)
Prometheus Open Redirect (CVE-2021-29622)
PwnKit (CVE-2021-4034)
SaltStack Salt API RCE (CVE-2021-25281)
SuiteCRM Auth SQLi (CVE-2021-45041)
Tiki-Wiki RCE (CVE-2021-26119)
VSCode RCE (CVE-2021-43908)
Wordpress Plugin Backup Guard RCE (CVE-2021-24155)
Wordpress Plugin SP Project and Document Manager RCE (CVE-2021-38315)
WP User Frontend (CVE-2021-25076)
Xstream Deserialization RCE (CVE-2021-21351)
Zenario CMS File Upload (CVE-2021-42171)
(CVE-2021-42013)
(CVE-2021-41773)
Aerospike Database UDF Lua Code Execution (CVE-2020-13151)
Apache Airflow 'Example DAG' Remote Code Execution (CVE-2020-11978)
Apache Flink RCE (CVE-2020-17519)
BigTree RCE (CVE-2020-26670)
Cacti 'filter' SQLi (CVE-2020-14295)
Cockpit CMS RCE (CVE-2020-35846)
Dolibarr File Upload (CVE-2020-14209)
Git LFS RCE (CVE-2020-27955)
Gitea Git Hooks RCE (CVE-2020-14144)
GitLab File Read Remote Code Execution (CVE-2020-10977)
Gogs Git Hooks Remote Code Execution (CVE-2020-15867)
Horde CSV Code Execution (CVE-2020-8518)
LimeSurvey Path Traversal (CVE-2020-11455)
MaraCMS Arbitrary PHP File Upload (CVE-2020-25042)
Moodle Teacher Enrollment Privilege Escalation to RCE (CVE-2020-14321)
OpenSMTPD RCE (CVE-2020-7247)
PlaySMS Unauthenticated Template Injection (CVE-2020-8644)
qdPM Authenticated Remote Code Execution (CVE-2020-7246)
SaltStack Salt REST API Command Execution (CVE-2020-16846)
SaltStack Salt Unauthenticated RCE (CVE-2020-11651)
SuiteCRM Log File Remote Code Execution (CVE-2020-28328)
Tiki-Wiki Auth Bypass (CVE-2020-15906)
Tomcat Ghost (CVE-2020-1938)
wpDiscuz Unauthenticated RCE (CVE-2020-24186)
Bludit File Upload (CVE-2019-16113)
Chocobo Root (CVE-2016-8655)
Drupalgeddon 2 (CVE-2018-7600)
Dolibarr SQLi (CVE-2018-10094)
Dolibarr XSS (CVE-2019-16197)
HTTPoxy (CVE-2016-5385)
ImageTragick (CVE-2016-3714)
LibSSH Auth Bypass (CVE-2018-10933)
phpMyAdmin 4.8.1 RCE (CVE-2018-12613)
PHuiP-FPizdaM (CVE-2019-11043)
Samba Cry (CVE-2017-7494)
Shellshock Vulnerability (CVE-2014-7169)
The Return of the WIZard (CVE-2019-10149)
WannaCry Ransomware (CVE-2017-0143)
Common Course Questions
If you have a question you don’t see on this list, please visit our Frequently Asked Questions page by clicking the button below.
If you’d prefer getting in touch with one of our experts, we encourage you to call one of the numbers above or fill out our contact form.
Do you offer training for all student levels?
Are the training videos downloadable?
I only want to purchase access to one training course, not all of them, is this possible?
Are there any fees or penalties if I want to cancel my subscription?