Short Course

Log4j: The Big Picture

100’s of millions of devices and services at risk and defenders have to scramble!

6 Hours of video content

Intermediate

Certificate of Completion Included

Check out Subscription Plans

Overview What You Will Learn Curriculum Instructor

Course Overview

Blue teamers are pushed to the edge when the latest vulnerability hits the street just before the holiday break! Many are looking forward to the break and yet another massive vulnerability hits the streets. This time it is Log4J the scrouge of the holiday break and it impacts millions of devices and services. On No! The game begins.

In this course, we will provide an overview of this massive vulnerability and its impact. We will review the analysis that vendors and agencies have provided and leverage that insight to capture what we need to discover our organization's risk. We will cover the importance of patching, but we all know not everything can be patched and therefore we also need to cover other techniques when it comes to mitigation. We will leverage a test environment showcasing the exploit in action to highlight some of the opportunities we as defenders may have.

Finally, we will leverage a commercial suite of technologies just to put into perspective how one can detect and mitigate the risk at multiple layers when patching is NOT an option. Note: the commercial tools being leveraged are tools available to the author and everyone attending this course is encouraged to leverage their tools of choice – the goal is perspective only and one should always maximize existing investments when minimizing and mitigating risk. Use the tools in your toolbox!

What You Will Learn

You will understand Log4J and the risk
Dig into the vulnerability and discuss patching but also realize that patching cannot always be performed
Understand the specific risks to the organization one defends using the tools available
Build out a lab to exploit the vulnerability to get a better understanding how the adversary may go about compromising your environment
Mitigate the risk using the tools available

Program Curriculum

Time to Understand All the Fuss
$7 Million Cybersecurity Scholarship by EC-Council
Chapter 1 Quiz

Examine the Vulnerability from Both Adversary and Defender
Chapter 2 Quiz

Patching is Not Always Possible

Organizational Risk Defenders Perspective – Part 1
Organizational Risk Defenders Perspective – Part 2
Organizational Risk Defenders Perspective – Part 3
Chapter 4 Lab

Develop a Lab to Perform Exploitation
Lab – Part 1
Lab – Part 2

When Patching is Not an Option
Demo – Part 1
Demo – Part 2

Load more modules

Instructor

Jason Maynard

Jason has been architecting, designing, and deploying security technologies that secure the most complex computing environments for almost 2 decades. Leveraging multiple technologies as a systems administrator, infrastructure architect, and solutions integrator before focusing primarily on security. Jason has been using virtualization technologies going back to VMware GSX/ESX back in 2001/2002 (outside of networking virtualization such as VLANs and VRFs). Jason’s understanding of technologies, people, and process enable him to deliver effective, comprehensive security solutions that align with an organization’s security goals and strategic imperatives. Jason is adept at addressing a range of risk profiles across multiple industry verticals; skills he has cultivated as an end-user security practitioner, partner/integrator, and now manufacturer as Senior Technical Solutions Architect, focused on Cybersecurity. Jason is also active in the direct community speaking at multiple conferences and getting deep delivering sessions at multiple BSides events. Jason also holds over 75+ designations across a variety of products and technologies including the CCIE designation.

Buy this course now

$59.99

Get Immediate access for one year today!

Upgrade to Pro Plans and Get Full Access Today!

Get this course, along with 700+ courses and 50+ learning paths and more in one subscription. Learn more

Unlock All Access

Plans start from $33/mo. Cancel anytime.

Join over 1 Million professionals from the most renowned Companies in the world!

Empower Your Learning with Our Flexible Plans

Invest in your future with our flexible subscription plans. Whether you're just starting out or looking to enhance your expertise, there's a plan tailored to meet your needs. Gain access to in-demand skills and courses for your continuous learning needs.

Monthly Plans

Annual Plans

Save 20% with our annual plans!

Pro

Ideal for continuous learning, offering extensive resources with 600+ courses and diverse Learning Paths to enhance your skills.

^$ 499.00

Billed annually or $59.00 billed monthly

Get Started Now

Start your 7-day trial for $1

What is included

700+ Premium Short Courses
50+ Structured Learning Paths
Validation of Completion with all courses and learning paths
New Courses added every month

Early Access Offer

Pro +

Experience immersive learning with Practice Labs, CTF Challenges, and exclusive EC-Council certifications for comprehensive skill-building.

^$ 599.00

Billed annually or $69.00 billed monthly

Get Started Now

Start your 7-day trial for $1

Everything in Pro and

800+ Practice Lab exercises with guided instructions
150+ CTF Challenges with detailed walkthroughs
New Practice Labs and Challenges added every month
3 Official EC-Council Essentials Certifications¹ (retails at $897!)
Exclusive Bonus with Annual Plans

¹This plan includes Digital Forensics Essentials (DFE), Ethical Hacking Essentials (EHE), and Network Defense Essentials (NDE) certifications. No other EC-Council certifications are included.

Related Courses

15 Must Have Tools for Pentesters

Short Course

15 Must Have Tools for Pentesters

Vulnerability Assessment and Pentesting

Upgrade your penetration testing skillset by adopting the best tools available in the market!

Upgrade your penetration testing skillset by adopting the bes...

$59.99

Intermediate

9 hr 15 m

Hello
Kali for Penetration Testers

Short Course

Kali for Penetration Testers

Vulnerability Assessment and Pentesting

Ethical Hacking with Kali Linux

Ethical Hacking with Kali Linux

$69.99

Beginner

6 hr 49 m

Hello
Hacking WEP/WPA/WPA2 Wi-Fi Networks Using Kali Linux 2

Short Course

Hacking WEP/WPA/WPA2 Wi-Fi Networks Using Kali Linux 2

Vulnerability Assessment and Pentesting

The comprehensive course to secure & crack WEP/WPA/WPA2 key and perform MITM attack from scratch using Kali Linux 2.0.

The comprehensive course to secure & crack WEP/WPA/WPA2 k...

$69.99

Intermediate

5 hr 12 m

Hello
Getting Started with Bug Bounty Hunting

Short Course

Getting Started with Bug Bounty Hunting

Vulnerability Assessment and Pentesting

Perfect Guide for Making You a Noob to Pro Bug Hunter

Perfect Guide for Making You a Noob to Pro Bug Hunter

$79.99

Beginner

2 hr 45 m

Hello
Web Hacker’s Toolbox: Tools Used by Successful Hackers

Short Course

Web Hacker’s Toolbox: Tools Used by Successful Hackers

Vulnerability Assessment and Pentesting

Discover the Tools Used by Successful Hackers and Learn How to Use Them in Your Own Penetration Testing Projects

Discover the Tools Used by Successful Hackers and Learn How t...

$59.99

Intermediate

3 hr 4 m

Hello
Full-Stack Attacks on Modern Web Applications

Short Course

Full-Stack Attacks on Modern Web Applications

Vulnerability Assessment and Pentesting

Learn About HTTP Parameter Pollution, Subdomain Takeover, and Clickjacking

Learn About HTTP Parameter Pollution, Subdomain Takeover, and...

$59.99

Intermediate

0 hr 59 m

Hello
Learn Hacking Using Raspberry Pi from Scratch

Short Course

Learn Hacking Using Raspberry Pi from Scratch

Vulnerability Assessment and Pentesting

Improve your Ethical Hacking Skills by using your portable Raspberry Pi device for Penetration Testing/Security Auditing.

Improve your Ethical Hacking Skills by using your portable Ra...

$69.99

Beginner

8 hr 20 m

Hello
Digital Forensics for Pentesters - Hands-on Learning

Short Course

Digital Forensics for Pentesters - Hands-on Learning

Vulnerability Assessment and Pentesting

Detect and backtrack cyber criminals and hackers with digital forensics.

Detect and backtrack cyber criminals and hackers with digital...

$69.99

Beginner

5 hr 10 m

Hello