Log4shell, Log4j exploit or Log4what, is that a new crossfit trend?
Manage episode 320821161 series 3217077
Today’s episode covers the vulnerability affecting Java logging package, Log4j. This episode took a little longer to make than expected due to its complexity. Please see links below used to create the episode.
TryHackMe’s Solar, exploiting log4j https://tryhackme.com/room/solar
The Log4J Vulnerability Will Haunt the Internet for Years https://www.wired.com/story/log4j-log4shell/
Huntress Log4Shell Vulnerability Tester https://log4shell.huntress.com/
Apache logging services https://logging.apache.org/
The Apache Software Foundation https://www.apache.org/
USB our Guest - Episode 22 Updates - https://anchor.fm/usbog/episodes/Software-Updates-emgnsh
Log4j Attack surface - https://github.com/YfryTchsGD/Log4jAttackSurface
Log4j - Apache Log4j Security Vulnerabilities - https://logging.apache.org/log4j/2.x/security.html
JDBC Appender https://logging.apache.org/log4j/2.x/manual/appenders.html#JDBCAppender
Apache Log4j Security Vulnerabilities https://logging.apache.org/log4j/2.x/security.html
What is JDBC? https://www.ibm.com/docs/en/informix-servers/12.10?topic=started-what-is-jdbc
Lesson: Overview of JNDI https://docs.oracle.com/javase/tutorial/jndi/overview/index.html
W3Schools - Addressing https://www.w3.org/Addressing/URL/uri-spec.html
Amazon Affiliate link - https://amzn.to/3rpF5KI
44集单集