
Confluence Zero-Day: The In-Memory Implant
An internet-facing Atlassian Confluence server falls to an unauthenticated OGNL-injection zero-day (CVE-2022-26134). Code runs as the confluence service account, which plants a JSP webshell over a legitimate file, loads a memory-resident implant into the JVM, dumps the local database credentials, and wipes the access log before exfiltrating the data. Work the Confluence web logs, the Linux host trail, and the perimeter egress to reconstruct the breach.
Launches in 5 days
Tuesday, July 21, 2026 at 9:00 AM
Be ready the moment it drops, free.
Training Tools
What you'll investigate
6 objectives unlock when this operation goes live.
Be first when it launches
Create your free account now. The moment this operation goes live on Jul 21, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.
Get Started Free