Free
CVE Series: Follina (CVE-2022-30190)
The Follina exploit (CVE-2022-30190) is a Windows Remote Code Execution (RCE) vulnerability that could allow a threat actor to acquire an initial level of access after a successful phishing attack. Take our course to gain the skills you need to identify the vulnerability, detect it, and mitigate it (with current best knowledge).
1
H
50
M
Time
intermediate
difficulty
2
ceu/cpe
Course Content
Introduction and Background
Exploitation
Identifying the Vulnerability
Exploitation
Exploiting CVE-2022-30190 (Lab)
Exploitation
Course Description
Who should take this course?
This course is for seasoned offensive security professionals, SOC analysts, and Windows system administrators who want to know how to exploit and protect against the latest vulnerabilities impacting enterprise systems.What are the prerequisites for this course?
You should have functional knowledge of Windows as an operating system, unique URI schemes, and scripting languages like powershell.Why should I take this course?
Microsoft released a security bulletin defining the Follina vulnerability on May 30th, 2022, with a base CVSS score of 7.8. This vulnerability is rated as “High” due to the ability of attackers to execute remote code on a system, install programs, modify data, or create new accounts in the context allowed by the user’s rights. This variation has made the attack very enticing for Advanced Persistent Threat actors (APTs) and cyber criminal organizations because detections are more immature and thus the potential for impacting organizations more easily is greater.What makes this course different from other courses on similar topics?
By the end of this course, you should be able to:Your instructor, Matt Mullins, is a seasoned professional in offensive security with over a decade of experience where he has worked in medical, financial, and government spaces. Matt has led multiple Red Team engagements, ranging from a few weeks to a year and covering multiple security domains. Outside of Red Teaming, Matt is also a seasoned penetration tester with interests in: AppSec, OSINT, Hardware, Wifi, Social Engineering, and Physical Security.