courses
Free

CVE Series: Blind NoSQL Injection (CVE-2021-22911)

The Blind NoSQL Injection vulnerability (CVE-2021-22911) is a critical flaw impacting Rocket.Chat servers across the globe and has been known to be exploited in the wild. Stop an adversary from potentially executing commands on a victim system by learning how to exploit and mitigate this vulnerability!
5
Share
Start CourseSubscribe for UpdatesNeed to train your team? Learn more
Create Free AccountNeed to train your team? Learn more
1
10
M
Time
intermediate
difficulty
1
ceu/cpe

Course Content

Exploit and Mitigate the Blind NoSQL Injection Vulnerability
CVE Background and Vulnerability Identification

10m

Exploit and Mitigate the Blind NoSQL Injection Vulnerability
CVE Exploitation and Mitigation

0m

Exploit and Mitigate the Blind NoSQL Injection Vulnerability
Course Description

Who should take this course?

This course is for seasoned red teamers, penetration testers, security and vulnerability assessment analysts, and system administrators who want to know how to exploit and protect against the latest vulnerabilities impacting enterprise systems.

Why take this course?

The Blind NoSQL Injection vulnerability (CVE-2021-22911) is a critical flaw impacting Rocket.Chat servers across the globe and has been known to be exploited in the wild. If exploited, an adversary can execute commands on a victim system. In the secure lab for this course, you will exploit and mitigate the vulnerability. Learn basic web application pentesting concepts and some intermediate methods of executing those concepts.

What makes this course different from other courses on similar topics?

After completing this course, you will be able to:

  • Define the Blind NoSQL injection attack, describe its root cause, and communicate its significance to key organizational stakeholders.

  • Exploit this vulnerability using publicly available exploit code.

  • Execute various mitigation tactics to reduce risk.

    • This course is taught by Raymond Evans, a member of the CyDefe team. CyDefe develops and operates capture-the-flag (CTF) style environments, and this course focuses on presenting learners with virtual labs where you can dirctly apply what you've learned.

    Why should I take this course on Cybrary and not somewhere else?

    This on-demand course gives you the hands-on experience needed to protect and defend your organization against the critical vulnerability. In one hour, offensive and defensive security professionals can become more prepared to defend their organization against this flaw that could allow an adversary to cause significant damage on a victim system. In this course, you will see just how quick and easy it is to exploit this vulnerability from the perspective of an adversary. You will be able to not only exploit and mitigate this critical vulnerability, but also describe its significance to organizational stakeholders.

    This course is part of a Career Path:
    No items found.

    Instructed by

    Instructor
    Raymond Evans
    Provider
    Cybrary Logo
    Certification Body
    Certificate of Completion

    Complete this entire course to earn a CVE Series: Blind NoSQL Injection (CVE-2021-22911) Certificate of Completion