))
Log4shell, Log4j exploit or Log4what, is that a new crossfit trend?
Manage episode 320821161 series 3217077
Contenu fourni par Theo. Tout le contenu du podcast, y compris les épisodes, les graphiques et les descriptions de podcast, est téléchargé et fourni directement par Theo ou son partenaire de plateforme de podcast. Si vous pensez que quelqu'un utilise votre œuvre protégée sans votre autorisation, vous pouvez suivre le processus décrit ici https://fr.player.fm/legal.
Today’s episode covers the vulnerability affecting Java logging package, Log4j. This episode took a little longer to make than expected due to its complexity. Please see links below used to create the episode.
TryHackMe’s Solar, exploiting log4j https://tryhackme.com/room/solar
The Log4J Vulnerability Will Haunt the Internet for Years https://www.wired.com/story/log4j-log4shell/
Huntress Log4Shell Vulnerability Tester https://log4shell.huntress.com/
Apache logging services https://logging.apache.org/
The Apache Software Foundation https://www.apache.org/
USB our Guest - Episode 22 Updates - https://anchor.fm/usbog/episodes/Software-Updates-emgnsh
Log4j Attack surface - https://github.com/YfryTchsGD/Log4jAttackSurface
Log4j - Apache Log4j Security Vulnerabilities - https://logging.apache.org/log4j/2.x/security.html
JDBC Appender https://logging.apache.org/log4j/2.x/manual/appenders.html#JDBCAppender
Apache Log4j Security Vulnerabilities https://logging.apache.org/log4j/2.x/security.html
What is JDBC? https://www.ibm.com/docs/en/informix-servers/12.10?topic=started-what-is-jdbc
Lesson: Overview of JNDI https://docs.oracle.com/javase/tutorial/jndi/overview/index.html
W3Schools - Addressing https://www.w3.org/Addressing/URL/uri-spec.html
Amazon Affiliate link - https://amzn.to/3rpF5KI
43 episodes
Partager
