HackEDU has added a new Public Vulnerabilities offering to enhance the training experience. Public vulnerabilities are sandboxes with vulnerabilities that have been disclosed in popular software products such as Drupal, Struts 2, Wordpress, etc.
Public vulnerability sandboxes offer a safe and legal environment to learn about real world vulnerabilities. The sandboxes are a place to learn about the particular vulnerabilities, try exploitation, understand defending, and see how these vulnerabilities occur in the real world. Learning about real vulnerabilities drives home the importance of secure coding and the impact of what these vulnerabilities could do. In addition, it is a fun platform to explore and learn about new vulnerabilities.
The current public vulnerabilities include a remote code execution vulnerability Drupalgeddon2 (CVE-2018-7600) in Drupal, a remote code execution vulnerability in Apache Struts 2 (CVE-2018-11776), and a arbitrary file overwrite vulnerability in archive software. These sandboxes include the tools you need to explore and exploit. Some examples of the tools available include Kali Linux, callback listeners, and web servers. You can expect many more of these from HackEDU as well as detailed write-ups on the vulnerabilities, how to exploit them, and how to defend against them.
The public vulnerability sandboxes are offered through all of HackEDU’s training including Secure Development Training.