Finding and Exploiting Vulnerabilities

A vulnerability is as good as another tool for an ethical hacker. Learn the fundamentals of finding and exploiting vulnerabilities with this course covering exploits, buffer overflows, DLL hijacking and much more.


  • Hacking with Android Lab — 00:09:00
    • Learn about launching a remote exploit from an Android device as you practice in the Penetration Testing Cyber Range.

  • Shellshock Exploitation Lab — 00:11:00
    • Learn about exploiting the Shellshock (GNU Bash) vulnerability as you practice in the Penetration Testing Cyber Range.

  • Spearphishing Lab — 00:12:00
    • Explore compromising a system via malicious email as you practice in the Penetration Testing Cyber Range.

  • Exploiting Vulnerable Services Lab — 00:15:00
    • Learn about gaining access to a remote systems as you practice in the Penetration Testing Cyber Range.

  • DLL Hijacking Video — 00:16:08
  • Buffer Overflows and Other Common Exploits Video — 00:08:53
  • Vulnerability Assessment Concepts Video — 00:03:12
  • Android Exploitation Lab — 00:17:00
    • Learn about accessing Android devices remotely as you practice in the Penetration Testing Cyber Range.

  • Additional Payloads Lab — 00:24:00
    • Explore Metasploit payload options as you practice in the Penetration Testing Cyber Range.

  • Heartbleed Exploitation Lab — 00:10:00
    • Learn how to exploit the Heartbleed (OpenSSL) vulnerability as you practice in the Penetration Testing Cyber Range.

  • Client Side Exploits Lab — 00:14:00
    • Carry out an example of a client side exploit as you practice in the Penetration Testing Cyber Range.

  • Browser Exploits Video — 00:09:28
  • Vulnerability Identification Lab — 00:12:00
    • Learn about vulnerability identification as you practice in the Penetration Testing Cyber Range.

  • Exploitable Vulnerability Example: Buffer Overflow Video — 00:05:07
  • Exploit Definition and Types Video — 00:10:32


Course description

Meet the author

Keatron Evans is a cybersecurity and workforce development expert with over 17 years of experience in penetration testing, incident response and information security management for federal agencies and Fortune 500 organizations. He is Principal Cybersecurity Advisor at Infosec, where he empowers the human side of cybersecurity with cyber knowledge and skills to outsmart cybercrime. Keatron is an established researcher, instructor and speaker — and lead author of the best-selling book, Chained Exploits: Advanced Hacking Attacks from Start to Finish. He regularly speaks at major industry events like RSA and serves as a cybersecurity subject matter expert for major media outlets like CNN, Fox News, Information Security Magazine and more.

Keatron holds a Bachelor of Science in Business Information Systems and dozens of cybersecurity certifications, including Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Cloud Security Professional (CCSP) and Licensed Penetration Tester (LTP). When not teaching, speaking or managing his incident response business, KM Cyber Security LLC, Keatron enjoys practicing various martial arts styles, playing piano and bass guitar, and spending time with his family.

Meet the author

At Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certification and skills training. We also empower all employees with security awareness training to stay cybersecure at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations on how to defend themselves from cybercrime. That’s what we do every day — equipping everyone with the latest security skills so the good guys win.

You're in good company


We use Infosec Skills to provide continuous training to our technicians and to prepare them for various certifications. Infosec Skills allows us to create personalized training programs that focus on each of our technicians’ particular roles and see their progress as they take courses. We also, recommend it to clients to make their IT support teams better.

Caleb Yankus


This has been utilized to bridge the skills gap across our cyber team and to aid them as they prepare for their various certifications. It also has provided a nice learning foundation for our various cyber team members to utilize as we continue to find ways for cross-utilization with operations while minimizing the downtime needed to ensure everyone’s knowledge is the same.

Daniel Simpson


We use Infosec Skills to provide base level knowledge for employees. We also use the services to provide in depth learning for employees as they encounter new technologies. If an employee is is assigned to a new project, we can rely on Infosec Skills to provide a rapid concentrated learning environment. This rapid concentrated learning positions our employees for success.

Infosec Skills Teams client

Plans & pricing

  • Infosec Skills Personal

    $299 / year

    • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Custom certification practice exams (e.g., CISSP, Security+)
    • Skill assessments
    • Infosec peer community support
  • Infosec Skills Teams

    $799 per license / year

    • Team administration and reporting
    • Dedicated client success manager
    • Single sign-on (SSO)
      Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
    • Integrations via API
      Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
    • 190+ role-guided learning paths and assessments (e.g., Incident Response)
    • 100s of hands-on labs in cloud-hosted cyber ranges
    • Create and assign custom learning paths
    • Custom certification practice exams (e.g., CISSP, CISA)
    • Optional upgrade: Guarantee team certification with live boot camps

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Award-winning training that you can trust

Comprehensive Cybersecurity Training - Infosec Skills
Cybersecurity Education and Training Gold Award - Infosec IQ
Top Rated Award - Infosec Skills
2021 G2 Summer - Leader - Tech Skills Dev, Online Course, eLearning Content
Top 20 Company - Online Learning Library