動画検索
関連広告
検索結果
Introduction
Tweet on gaining RCE via Minecraft
Overview of topics covered in video
Context surrounding Log4j exploit
Blog posts & Github repositories on CVE-2021-44228
[Demo] Exploiting Log4j to get a callback to attacker-controlled server
[Demo] Exploiting Log4j via unpatched Minecraft server (Spawning calc.exe)
[Demo] Exploiting Log4j via unpatched Minecraft server (Spawning a reverse shell)
How the industry is responding from a defense perspective
Industry chatter surrounding CVE-2021-44228
Blog post discussion
Open Source Log4Shell Vulnerability Tester
Conclusion
Intro
BugBounty Public Service Announcement
Chapter #1: Log4j 2
Log4j Lookups
Chapter #2: JNDI
JNDI vs. Log4j
Chapter #3: Log4Shell Timeline
Developer Experiences Unexpected Lookups
The Discovery of Log4Shell in 2021
Chapter #4: The 2016 JNDI Security Research
Java Serialized Object Features
Why Was The Security Research Ignored?
Chapter #5: Security Research vs. Software Engineering
Final Words and Outlook to Part 2
Outro