Log4j Vulnerability (Log4Shell) Explained // CVE-2021-44228

Published: 17 December 2021
on channel: LiveOverflow

Let's try to make sense of the Log4j vulnerability called Log4Shell. First, we look at the Log4j features and JNDI, and then we explore the history of the recent Log4Shell vulnerability. This is part 1 of a two-part series on Log4j.

Log4j Issues:
2013: https://issues.apache.org/jira/browse...
2014: https://issues.apache.org/jira/browse...
2017: https://issues.apache.org/jira/browse...

Log4j 2 Security: https://logging.apache.org/log4j/2.x/...

German Government Warning: https://www.bsi.bund.de/SharedDocs/Cy...

Cloudflare: https://blog.cloudflare.com/exploitat...

A JOURNEY FROM JNDI/LDAP MANIPULATION TO REMOTE CODE EXECUTION DREAM LAND: https://www.blackhat.com/docs/us-16/m...
whitepaper: https://www.blackhat.com/docs/us-16/m...

---

00:00 - Intro
01:05 - BugBounty Public Service Announcement
02:23 - Chapter #1: Log4j 2
03:38 - Log4j Lookups
04:15 - Chapter #2: JNDI
06:01 - JNDI vs. Log4j
06:35 - Chapter #3: Log4Shell Timeline
07:33 - Developer Experiences Unexpected Lookups
09:51 - The Discovery of Log4Shell in 2021
11:08 - Chapter #4: The 2016 JNDI Security Research
11:56 - Java Serialized Object Features
13:27 - Why Was The Security Research Ignored?
14:44 - Chapter #5: Security Research vs. Software Engineering
16:49 - Final Words and Outlook to Part 2
17:23 - Outro
