Skip to main content
Spring4Shell: Class-Loader RCE to Webshell (CVE-2022-22965) operation cover
COMING SOONIntermediate

Spring4Shell: Class-Loader RCE to Webshell (CVE-2022-22965)

An internet-facing Java Spring MVC application is compromised through CVE-2022-22965 (Spring4Shell), a class-loader manipulation flaw that turns Tomcat's own logging system into a webshell writer. Working from the Tomcat access logs and the perimeter firewall, trace the exploit request, identify what landed on disk, follow the operator's command sessions, and catch the pivot to an internal backend service.

40m
6 tasks
50 points
Free

Launches in 5 days

Jul 7, 2026

Tuesday, July 7, 2026 at 9:00 AM

Create your free account

Be ready the moment it drops — free forever.

Training Tools

SIEMFirewall

What you'll investigate

6 objectives unlock when this operation goes live.

1Trace the exploit source
2Identify the dropped webshell
3Name the service account behind the commands
4Determine the operator source address
5Spot the lateral probe
6Classify the persistence technique

Be first when it launches

Create your free account now. The moment this operation goes live on Jul 7, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.

Get Started Free

No credit card required — free forever