CVE Series: Log4J (CVE-2021-44228)

Cybrary
Course

The Log4J vulnerability (CVE-2021-44228) took the world by storm in late 2021. Do you have what it takes to exploit and mitigate this critical vulnerability that experts say had the biggest global impact since Shellshock? Find out in this course, where you'll put your defensive and pen testing skills to the ultimate test in a virtual lab.

Time
1 hour 45 minutes
Difficulty
Intermediate
CEU/CPE
2
Share
NEED TO TRAIN YOUR TEAM? LEARN MORE
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Course Content
Module 1: Log4J Vulnerability Exploitation
Log4J Vulnerability Introduction and Background
10m
Identifying the Log4J Vulnerability
10m
Lab: Exploiting the Log4J Vulnerability
30m
Application of Use for Penetration Testers and Red Teamers
10m
Module 2: Log4J Vulnerability Mitigation

2.1Root Cause and Mitigation

10m

2.2Lab: Mitigate the Log4J Vulnerability

30m

2.3Log4J Vulnerability Summary

5m
Course Description

Who should take this course?

Our Log4J vulnerability (CVE-2021-44228) course is designed for intermediate-level learners in either the defensive or offensive security spaces. Offensive security professionals, SOC analysts, and system administrators can take this course to learn how to protect against this critical vulnerability impacting enterprise systems or to exploit the vulnerability in their own testing activities.

What are the prerequisites for this course?

You should have a functional understanding of Apache Log4J and how it is used in many systems, as well as basic knowledge of Java as a programming language and functional knowledge of web applications.

Why should I take this course?

The Log4J vulnerability (CVE-2021-44228) has been labeled by security experts as one of the most serious and far-reaching vulnerabilities of all time, with the highest possible CVSS criticality score of 10. This is because the open-source, Java-based Apache Log4J software is widely used among large and small organizations for routine log management in many applications and systems. With the Log4J vulnerability (CVE-2021-44228), threat actors can exploit the software to initiate a Remote Code Execution (RCE), data leakage, or Denial-of-Service (DoS) attack. Adversaries can also take advantage of the vulnerability to more effectively and efficiently launch other cyberattacks. Our course shows you how to exploit and mitigate this vulnerability in a secure virtual lab environment, giving you the skills you need to protect your organization.

What makes this course different from other courses on similar topics?

This course specifically covers a critical vulnerability that could affect your organization. In an interesting twist, the course uses the exploit as part of the mitigation. There are two instructors for this course. Clint Kehr is a technical manager for a financial services company’s Responsible Disclosure Team, where he interacts with ethical hackers who find vulnerabilities in the company’s infrastructure. Clint is a former Special Agent with the Department of Justice where he specialized in internet investigations and conducted numerous cases on cyber threat actors on the surface, deep, and dark web, resulting in Clint earning the Attorney General’s Distinguished Service Award. Matt Mullins is a seasoned professional in offensive security with over a decade of experience where he has worked in medical, financial, and government spaces. Matt has led multiple Red Team engagements, ranging from a few weeks to a year and covering multiple security domains. Outside of Red Teaming, Matt is also a seasoned penetration tester with interests in: AppSec, OSINT, Hardware, Wifi, Social Engineering, and Physical Security.

Why should I take this course on Cybrary and not somewhere else?

Our Log4J vulnerability (CVE-2021-44228) course enables you to learn from the foremost experts in the field and ensures your readiness to recognize and mitigate this CVE. Defenders will know how to protect their organization against this vulnerability. Offensive teams will be able to exploit this vulnerability. Our on-demand format affords you the flexibility to learn at your own pace.