Skip to main content
Confluence Zero-Day: The In-Memory Implant operation cover
COMING SOONIntermediate

Confluence Zero-Day: The In-Memory Implant

An internet-facing Atlassian Confluence server falls to an unauthenticated OGNL-injection zero-day (CVE-2022-26134). Code runs as the confluence service account, which plants a JSP webshell over a legitimate file, loads a memory-resident implant into the JVM, dumps the local database credentials, and wipes the access log before exfiltrating the data. Work the Confluence web logs, the Linux host trail, and the perimeter egress to reconstruct the breach.

50m
6 tasks
50 points
Free

Launches in 5 days

Jul 21, 2026

Tuesday, July 21, 2026 at 9:00 AM

Create your free account

Be ready the moment it drops, free.

Training Tools

SIEMFirewall

What you'll investigate

6 objectives unlock when this operation goes live.

1Find the foothold
2Identify the running identity
3Name the planted webshell
4Expose the credential theft
5Trace the exfiltration
6Classify the access

Be first when it launches

Create your free account now. The moment this operation goes live on Jul 21, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.

Get Started Free