Exploit Public-Facing Application

This course covers the MITRE technique T1190: Exploit Public-Facing Application. This technique involves an adversary exploiting a vulnerability in a public-facing application to gain unauthorized access to a target network. Students will learn about the types of public-facing applications and common vulnerabilities that attackers may target.

Course Content

Magic Hound Lab


What is Technique T1190?
Attack, Detect and Mitigate


What is Technique T1190?
Course Description

This course will cover the technique:

> [T1190]( Exploit Public-Facing Application, is used by threat actors to exploit vulnerabilities in public-facing applications to gain unauthorized access to targeted systems or networks. This technique involves identifying weaknesses in web applications or web servers and using them to inject malicious code or exploit vulnerabilities to gain unauthorized access.

> Public-facing applications are software applications accessible to users over the internet, such as websites, online portals, or mobile applications. These applications are commonly used by organizations to provide services, support communication, and store sensitive data. However, they are also attractive targets for attackers seeking to exploit vulnerabilities in these applications to gain unauthorized access to sensitive information or cause disruption to services.

This course will also cover:

  • [T1212]( - Exploitation for Credential Access
  • [T1059.001]( - Command and Scripting Interpreter: PowerShell
  • [T1505.003]( - Server Software Component: Web Shell
  • > Learn how to detect and mitigate these techniques to protect your organization from this type of attack. Apply what you learn and get the hands-on skills you need in Cybrary's MITRE ATT&CK Framework courses aligned to tactics and techniques used by threat actors.

    This course is part of a Career Path:
    No items found.

    Instructed by

    Owen Dubiel

    Owen is certified in the GIAC GSEC, CompTIA CySA+, and various other vendor-related certifications. He works both as a technical security engineer and as an SME architect instructor in his spare time. Spreading the word of cyber security is a passion of his. Owen lives in Southeast Michigan with his beautiful wife, daughter, and his dog, Thor. In his free time, Owen enjoys watching sports and movies, and spending time with his family.

    Lucas Romano

    Lucas is a seasoned threat researcher in multiple security disciplines, such as real-world adversarial tracking, network vulnerabilities, web exploitation, API abuse, and more. He began his career at the US Department of Defense, where he was trained by some of the world's best operators and analysts. Lucas now operates in the Cybrary red team, emulating real-world threat actors and running purple team exercises. He has 11 industry certifications, including the OSWA, GPEN, GAWN, GCFE, and RHCSA. He is also a member of the GIAC Advisory Board. In his free time, he enjoys working outdoors to improve his farm.

    Cybrary Logo
    Certification Body
    Certificate of Completion

    Complete this entire course to earn a Exploit Public-Facing Application Certificate of Completion