Monday Mix: CVE Training to Combat the Latest Threats

Hi Cybrary fans!

Whether you're on offense or defense, you'll love all the new content we have to share. From new releases to what's in production, here's what you should know.

New Courses:

We are excited to bring you more hands-on, bite-sized training aligned to the MITRE ATT&CK Framework. In the newest course to light up our TTP matrix, Application Shimming & Data from Local System, you’ll explore how adversaries can leverage common Windows processes to gain persistence and search for valuable data to potentially hold for ransom.

Our newest CVE series, gives you hands-on experience with identifying, exploiting, and mitigating critical vulnerabilities with a widespread impact. Take our latest course on Dirty Pipe (CVE-2022-0847) to escalate your privileges from average user to root in a matter of seconds. Then execute mitigation tactics to protect your Linux systems and Android devices from the next Dirty Pipe attack.

The wait is finally over! All 10 courses covering each new category of the 2021 OWASP Top 10 list are available --> check 'em out below. In our newest release, A04:2021 - Insecure Design, the phenomenal Clint Kehr teaches you insights on how developers and security professionals can use threat modeling to design secure applications. Get the evidence on why multi-factor authentication is in, while knowledge-based authentication through security questions are out! See the full list of our OWASP Top 10 courses:

• A01:2021 - Broken Access Control
• A02:2021 - Cryptographic Failures
• A03:2021 - Injection
• A04:2021 - Insecure Design
• A05:2021 - Security Misconfiguration
• A06:2021 - Vulnerable and Outdated Components
• A07:2021 - Identification and Authentication Failures
• A08:2021 - Software and Data Integrity Failures
• A09:2021 - Security Logging and Monitoring Failures
• A10:2021 - Server-Side Request Forgery (SSRF)

Coming Soon:

Log4Shell took the world by storm, but are you ready for Spring4Shell? If you enjoyed our course on the Log4j vulnerability, then be sure to sign up for updates to enroll in our Spring4Shell course as soon as it's live on the platform. Get ready to learn how to protect your environment against this new, critical vulnerability.

Vendor Content:

What's training without the hands-on experience? Check out Skillable's 10 new labs to share, which cover network security, data recovery, and everyone's favorite--scanning and enumeration.

• Analyze Network Communications
• Configure IP Addresses
• Configure Network Services
• Configure Remote Access
• Configure System and Data Recovery
• Configure Windows Defender Firewall
• Configuring VPN Services
• Evaluate SSH Remote Management Securitys
• Evaluate the Output of Enumeration Tools
• Evaluating Credential Security

Latest Podcast:

With privilege escalation vulnerabilities like Dirty Pipe posing potentially critical impacts, it's important to learn how adversaries are exploiting key flaws to gain root access, launch attacks, and more! Security researcher Carlos Polop discusses his valuable contribution to the penetration testing community: Privilege Escalation Awesome Scripts Suite (PEASS). Gain insights on how pen testers can leverage LinPEAS and WinPEAS to exploit vulnerabilities in CTF environments.

Privilege Escalation Using Hack Tricks with Carlos Polop | 401 Access Denied Ep. 51

Happy learning!