Log4Shell Forensics (Detecting Log4J CVE-2021-44228 Zero-Day Vulnerability Exploits)

Published: 01 November 2024
on channel: DevXplaining

I've spent some time hunting for traces of successful Log4Shell attacks and wanted to share some of my insights. CVE-2021-44228 and its close cousins are pretty nasty attacks overall, for many reasons. I've done some videos previously on what they are and how to patch them. In this one, I'll explain why you might not be safe even if you are not running Java, what actually captured attacks look like, and what they do. I also demonstrate a crazy regular expression query you can use to detect traces, so that if you were pwned, you at least know it.

As always, if you like anything about the content, please click the like button, drop some feedback, or subscribe to my channel if you would like to see future content (remember to click that bell icon to be notified).

Video timecodes:
0:00 - Introduction
0:40 - Refresher: What's the Log4Shell attack pattern?
3:10 - Drilling deeper: Network and Log4Shell - are you safe?
6:50 - What are the common (and uncommon) attack patterns?
9:14 - Testing detection regex against real attack attempts
12:25 - What happens when you are attacked?
14:35 - What's the actual payload? What does it do for your systems?
15:47 - Conclusion and ending words

Some of my older videos on the topic:
   • Log4J Security Vulnerability: CVE-202...  
   • Log4Shell Security Exploit Deep Dive ...  
   • LOG4SHELL - ARE YOU TIRED YET? (CVE-2...  

Links in the video:
https://news.sophos.com/en-us/2021/12...
https://gist.github.com/Neo23x0/e4c8b...
https://github.com/Neo23x0/log4shell-...
https://www.microsoft.com/security/bl... hunting-for-cve-2021-44228-log4j-2-exploitation/
https://regex101.com/
https://github.com/back2root/log4shel...