Explore a comprehensive video tutorial on the critical CVE-2021-44228 Log4j vulnerability, focusing on its impact on Minecraft and other systems. Learn about the context of the exploit, view demonstrations of attacks on unpatched Minecraft servers, and understand industry responses to this security threat. Gain insights into detection methods, potential threats, and bypass techniques. Discover how to use an open-source vulnerability tester and stay informed about the latest developments in this significant cybersecurity issue.
Overview
Syllabus
- Introduction.
- Tweet on gaining RCE via Minecraft.
- Overview of topics covered in video.
- Context surrounding Log4j exploit.
- Blog posts & Github repositories on CVE-2021-44228.
- [Demo] Exploiting Log4j to get a callback to attacker-controlled server.
- [Demo] Exploiting Log4j via unpatched Minecraft server (Spawning calc.exe).
- [Demo] Exploiting Log4j via unpatched Minecraft server (Spawning a reverse shell).
- How the industry is responding from a defense perspective.
- Industry chatter surrounding CVE-2021-44228.
- Blog post discussion.
- Open Source Log4Shell Vulnerability Tester.
- Conclusion.
Taught by
John Hammond
