CVE Series: OpenSSL Infinite Loop (CVE-2022-0778)

Who should take this course?

This course is for seasoned red teamers, penetration testers, security and vulnerability assessment analysts, and system administrators who want to know how to exploit and protect against the latest vulnerabilities impacting enterprise systems.

Why take this course?

OpenSSL is a cryptographic software library used by most HTTPS websites to ensure secure communications using open-source SSL and TLS protocols. Offering a useful toolkit and communication protections since 1998, OpenSSL is available on Microsoft Windows and Unix-like operating systems. But OpenSSL is not without flaws, for on March 15, 2022, a vulnerability was disclosed that permits an infinite loop. Remote attackers could exploit this vulnerability to perform a denial-of-service (DOS) attack and prevent users from accessing their systems and services. With a high CVE score of 7.5, this flaw can severely impact a target system.

What makes this course different from other courses on similar topics?

After completing this course, you will be able to:

Define the OpenSSL infinite loop attack, describe its root cause, and communicate its significance to key organizational stakeholders.

Exploit this vulnerability using publicly available exploit code.

Execute various mitigation tactics to reduce risk.

This course is taught by Raymond Evans, a member of the CyDefe team. CyDefe develops and operates capture-the-flag (CTF) style environments, and this course focuses on presenting learners with virtual labs where you can dirctly apply what you've learned.

Why should I take this course on Cybrary and not somewhere else?

This on-demand course gives you the hands-on experience needed to protect and defend your organization against the critical vulnerability. In one hour, offensive and defensive security professionals can become more prepared to defend their organization against a dangerous vulnerability impacting both Linux and Windows systems. In this course, you will see just how quick and easy it is to exploit this vulnerability from the perspective of an adversary. You will be able to not only exploit and mitigate this critical vulnerability, but also describe its significance to organizational stakeholders.