Рет қаралды 341,470
Timestamps (HUGE thanks to deetee in the comments for putting these together!!!):
0:00 - Introduction
0:49 - Tweet on gaining RCE via Minecraft
1:16 - Overview of topics covered in video
1:57 - Context surrounding Log4j exploit
3:08 - Blog posts & Github repositories on CVE-2021-44228
3:58 - [Demo] Exploiting Log4j to get a callback to attacker-controlled server
6:58 - [Demo] Exploiting Log4j via unpatched Minecraft server (Spawning calc.exe)
21:00 - [Demo] Exploiting Log4j via unpatched Minecraft server (Spawning a reverse shell)
24:30 - How the industry is responding from a defense perspective
27:37 - Industry chatter surrounding CVE-2021-44228
28:52 - Blog post discussion
29:28 - Open Source Log4Shell Vulnerability Tester
32:28 - Conclusion
Detection:
thinkstcanary/sta...
/ 1469350532548632581
/ 1469643986403008515
Threats:
/ 1469508032887414784
Bypasses:
/ 1469523006015750146
For more content, subscribe on Twitch! / johnhammond010
If you would like to support me, please like, comment & subscribe, and check me out on Patreon: / johnhammond010
PayPal: paypal.me/johnhammond010
E-mail: johnhammond010@gmail.com
Discord: johnhammond.org/discord
Twitter: / _johnhammond
GitHub: github.com/JohnHammond
If you would like to support the channel and I, check out Kite! Kite is a coding assistant that helps you code faster, on any IDE offer smart completions and documentation. www.kite.com/get-kite/?... (disclaimer, affiliate link)