Recent Threats
Learn about the latest industry threats. Get hands-on experience identifying, exploiting, and mitigating critical vulnerabilities.
Critical vulnerabilities, such as log4j and spring4shell, have taken the world by storm, and it's essential to understand how to exploit them and, even more importantly, the mitigation techniques. This module groups the latest threat labs available on TryHackMe.
0%
Roundcube: CVE-2025-49113
Exploit CVE-2025-49113 in a lab environment.
0%
AD: BadSuccessor
Use the BadSuccessor attack for privilege escalation in an Active Directory environment.
0%
Erlang/OTP SSH: CVE-2025-32433
Learn about and exploit Erlang/OTP SSH CVE-2025-32433 in a lab setup.
0%
SimpleHelp: CVE-2024-57727
Learn how attackers can exploit CVE-2024-57727 and how to detect that.
0%
Next.js: CVE-2025-29927
Explore an authorisation bypass vulnerability in Next.js.
0%
Tomcat: CVE-2024-50379
Explore and learn about the Tomcat CVE-2024-50379 vulnerability.
0%
Bypass Really Simple Security
Learn how to exploit a WordPress website using CVE-2024-10924 and understand various mitigation techniques.
0%
Supply Chain Attack: Lottie
Learn about supply chain attacks and their various mitigation techniques.
0%
PaperCut: CVE-2023-27350
Authorisation bypass (CVE-2023-27350) in PaperCut Print Management software leading to remote code execution.
0%
Joomify: CVE-2023-23752
Learn how to exploit a Joomla CMS using CVE-2023-23752 and understand various mitigation techniques.
0%
Moniker Link (CVE-2024-21413)
Leak user's credentials using CVE-2024-21413 to bypass Outlook's Protected View.
0%
GitLab CVE-2023-7028
Learn to exploit a GitLab instance using CVE-2023-7028 and understand various mitigation techniques.
0%
Confluence CVE-2023-22515
Exploit CVE-2023-22515 to get admin access to Confluence Server and Data Center editions.
0%
Looney Tunables
CVE-2023-4911: That's all Sec-Folks!
0%
CVE-2023-38408
Learn how to move laterally abusing libraries' side effects in Ubuntu (CVE-2023-38408).
0%
Outlook NTLM Leak
Leak password hashes from a user by sending them an email by abusing CVE-2023-23397.
0%
LocalPotato
Learn how to elevate your privileges on Windows using LocalPotato (CVE-2023-21746).
0%
Follina MSDT
A walkthrough on the CVE-2022-30190, the MSDT service, exploitation of the service vulnerability, and consequent detection techniques and remediation processes
0%
Solar, exploiting log4j
Explore CVE-2021-44228, a vulnerability in log4j affecting almost all software under the sun.
0%
Atlassian CVE-2022-26134
An interactive lab showcasing the Confluence Server and Data Center un-authenticated RCE vulnerability.
0%
CVE-2022-26923
Walkthrough on the exploitation of CVE-2022-26923, a vulnerability in AD Certificate Services.
0%
Spring4Shell: CVE-2022-22965
Interactive lab for exploiting Spring4Shell (CVE-2022-22965) in the Java Spring Framework
0%
Dirty Pipe: CVE-2022-0847
Interactive lab for exploiting Dirty Pipe (CVE-2022-0847) in the Linux Kernel
0%
Pwnkit: CVE-2021-4034
Interactive lab for exploiting and remediating Pwnkit (CVE-2021-4034) in the Polkit package
0%
PrintNightmare
Learn about the vulnerability known as PrintNightmare (CVE-2021-1675) and (CVE-2021-34527).
What are modules?
A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).
