Raymond Evans

Dirty Pipe (CVE-2022-0847) is the most critical vulnerability to impact Linux distributions in years. By exploiting this local kernel flaw, adversaries can quickly escalate privileges and even gain root access. Exploit and mitigate this vulnerability in this hands-on course that gives you the skills you need to protect your organization.

Ready to defend your organization against the critical noPac double vulnerability (CVE-2021-42278 and CVE-2021-42287) that can lead to advanced privilege escalation on Windows systems? Get ahead of the curve in this hands-on course that allows you to both exploit and mitigate this vulnerability with potentially significant, far-reaching impacts.

The Polkit vulnerability (CVE-2021-4034) is a critical vulnerability impacting every major Linux distribution. Its attack vector allows privilege escalation and can even give the attacker root access. Exploit and mitigate this vulnerability in this hands-on course that gives you the skills you need to protect your organization.

As a penetration tester or red teamer, you will use scanning and enumeration to interact with target systems and learn more about them just like a hacker would. In this Scanning and Enumeration course, you will learn to use key tools to discover and document target information that is vital for your engagements.

Want to better understand the 2020 SolarWinds compromise that dominated the headlines? Interact with the malware used in the attack in this SolarWinds hands-on course and virtual lab so you can detect whether your organization was affected and protect against this type of threat in the future.

Your pentests will only be successful if they are based on high-quality information gathered at the start of the engagement. If you want to leverage resources like Google Dorking, DNS queries, and other public data sources to set yourself up for a successful pentest, then check out this hands-on Recon 101 course.

The BIG-IP iControl REST vulnerability (CVE-2022-1388) is a critical flaw that allows unauthenticated attackers to execute system root-level commands remotely. This vulnerability was given a CVSS score of 9.8 due to how easy it is to exploit and the level of access it grants attackers. Learn how to exploit and mitigate this vulnerability today!

The Apache CouchDB Remote Code Execution (RCE) vulnerability (CVE-2022-24706) is a critical flaw impacting Couch databases and has been known to be exploited in the wild. Learn how to exploit and mitigate this vulnerability today!

The Grafana Directory Traversal vulnerability (CVE-2021-43798) is a critical arbitrary file reading vulnerability impacting global Grafana servers and has been exploited in the wild. Take this course to learn how to exploit and mitigate this vulnerability!

The Blind NoSQL Injection vulnerability (CVE-2021-22911) is a critical flaw impacting Rocket.Chat servers across the globe and has been known to be exploited in the wild. Stop an adversary from potentially executing commands on a victim system by learning how to exploit and mitigate this vulnerability!

The Apache HTTPD vulnerability (CVE-2021-42013) is a critical flaw impacting servers across the globe. This vulnerability gives an attacker the ability to enumerate a system and execute commands on the victim system if exploited. Exploit and mitigate the vulnerability in a secure lab environment!

The OpenSSL infinite loop vulnerability (CVE-2022-0778) is a critical flaw impacting systems running OpenSSL versions 1.0.2, 1.1.1 and 3.0. If exploited, this vulnerability allows adversaries to perform a denial-of-service (DOS) attack. Take our course to exploit this vulnerability in a secure lab environment.