Free

CVE Series: Log4J (CVE-2021-44228)

The Log4J vulnerability (CVE-2021-44228) took the world by storm in late 2021. Do you have what it takes to exploit and mitigate this critical vulnerability that experts say had the biggest global impact since Shellshock? Find out in this course, where you'll put your defensive and pen testing skills to the ultimate test in a virtual lab.
1
45
M
Time
intermediate
difficulty
2
ceu/cpe

Course Content

Lab: Exploiting the Log4J Vulnerability

30m

Log4J Vulnerability Exploitation
Identifying the Log4J Vulnerability

10m

Log4J Vulnerability Exploitation
Log4J Vulnerability Summary

5m

Log4J Vulnerability Mitigation
Lab: Mitigate the Log4J Vulnerability

30m

Log4J Vulnerability Mitigation
Root Cause and Mitigation

10m

Log4J Vulnerability Mitigation
Course Description

Who should take this course?

Our Log4J vulnerability (CVE-2021-44228) course is designed for intermediate-level learners in either the defensive or offensive security spaces. Offensive security professionals, SOC analysts, and system administrators can take this course to learn how to protect against this critical vulnerability impacting enterprise systems or to exploit the vulnerability in their own testing activities.

What are the prerequisites for this course?

You should have a functional understanding of Apache Log4J and how it is used in many systems, as well as basic knowledge of Java as a programming language and functional knowledge of web applications.

Why should I take this course?

The Log4J vulnerability (CVE-2021-44228) has been labeled by security experts as one of the most serious and far-reaching vulnerabilities of all time, with the highest possible CVSS criticality score of 10. This is because the open-source, Java-based Apache Log4J software is widely used among large and small organizations for routine log management in many applications and systems. With the Log4J vulnerability (CVE-2021-44228), threat actors can exploit the software to initiate a Remote Code Execution (RCE), data leakage, or Denial-of-Service (DoS) attack. Adversaries can also take advantage of the vulnerability to more effectively and efficiently launch other cyberattacks. Our course shows you how to exploit and mitigate this vulnerability in a secure virtual lab environment, giving you the skills you need to protect your organization.

What makes this course different from other courses on similar topics?

This course specifically covers a critical vulnerability that could affect your organization. In an interesting twist, the course uses the exploit as part of the mitigation. There are two instructors for this course. Clint Kehr is a technical manager for a financial services company’s Responsible Disclosure Team, where he interacts with ethical hackers who find vulnerabilities in the company’s infrastructure. Clint is a former Special Agent with the Department of Justice where he specialized in internet investigations and conducted numerous cases on cyber threat actors on the surface, deep, and dark web, resulting in Clint earning the Attorney General’s Distinguished Service Award. Matt Mullins is a seasoned professional in offensive security with over a decade of experience where he has worked in medical, financial, and government spaces. Matt has led multiple Red Team engagements, ranging from a few weeks to a year and covering multiple security domains. Outside of Red Teaming, Matt is also a seasoned penetration tester with interests in: AppSec, OSINT, Hardware, Wifi, Social Engineering, and Physical Security.

Why should I take this course on Cybrary and not somewhere else?

Our Log4J vulnerability (CVE-2021-44228) course enables you to learn from the foremost experts in the field and ensures your readiness to recognize and mitigate this CVE. Defenders will know how to protect their organization against this vulnerability. Offensive teams will be able to exploit this vulnerability. Our on-demand format affords you the flexibility to learn at your own pace.

This course is part of a Career Path:
No items found.

Instructed by

Master Instructor
Matthew Mullins

Matt has led multiple Red Team engagements, ranging from a few weeks to a year and covering multiple security domains. Outside of Red Teaming, Matt is also a seasoned penetration tester with interests in: AppSec, OSINT, Hardware, Wifi, Social Engineering, and Physical Security. Matt has a Master's degree in Information Assurance and an exhaustive number of certifications ranging from frameworks, management, and hands-on hacking. Matt is a Technical SME at Cybrary, focusing on Adversarial Emulation and Red Teaming for course content.

Senior Instructor
Clint Kehr

Clint is a technical manager for a financial services company’s Responsible Disclosure Team, where he interacts with ethical hackers who find vulnerabilities in the company’s infrastructure. Clint is a former Special Agent with the Department of Justice where he specialized in internet investigations and conducted numerous cases on cyber threat actors on the surface, deep, and dark web, resulting in Clint earning the Attorney General’s Distinguished Service Award. Clint has trained over 1,000 law enforcement officers, prosecutors, and civilians on the dark web and dark market websites. Clint has a master’s degree in intelligence studies from American Military University where he graduated with honors and also has a master’s degree in Information Technology from Carnegie Mellon University where he graduated with highest distinction. As a former Navy Reserve Officer, Clint served in many roles, such as a division officer and department head for commands in the information warfare community.

Provider
Cybrary Logo
Certification Body
Certificate of Completion

Complete this entire course to earn a CVE Series: Log4J (CVE-2021-44228) Certificate of Completion