CVE-2022-24112 Apache APISIX: Emulation and Detection
In this lab, you’ll learn how to emulate, detect, and mitigate attacks against vulnerable instances of Apache APISIX. When you’re finished, you'll not only know how to exploit CVE-2022-24112, you'll also be able to protect against real-world attacks.
Terms and conditions apply.
Challenge
Getting Started in the Lab Environment
Here are the initial instructions and explanation of the lab environment. Read this while your environment is busy creating itself from nothing. Yes, this violates physics; we know. How fun!
Challenge
Emulating an Attack Against Apache APISIX
In this section, we begin with the first challenge: emulating an attack against a vulnerable instance of Apache APISIX. The challenge consists of two hands-on exercises, which include initial discovery and exploitation of the vulnerability.
Challenge
Detecting Attacks Against Apache APISIX
Armed with the knowledge of how to exploit the APISIX vulnerability, we're ready to proceed with the next challenge: detecting exploitation attempts. The challenge consists of a hands-on exercise, where we leverage Apache's advanced logging and security capabilities to detect real-time attacks
Challenge
Preventing Attacks Against Apache APISIX
With the knowledge of how to perform and detect attacks against Apache APISIX, we are now ready to progress to the next challenge, where we leverage Apache to prevent attacks against vulnerable APISIX instances. This challenge consists of a hands-on exercise, whereby the mod-security module will be configured to prevent real-time attacks
Challenge
Apache APISIX (CVE-2022-24112): Emulation and Detection
Welcome to the final challenge! This is your last chance to experiment in the environment. Clicking Finish Lab will end this little world that flittered into existence just for you.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.
Recommended prerequisites
- Working knowledge of the Linux OS
- Conceptual understanding of HTTP
- Basic scripting with Bash