Channel: LiveOverflow
Category: Education
Tags: minecraft, liveoverflow, logger, update, intellij, blog, ladps, log4shell demo, java deserialization, exploit walkthrough, rmi, live overflow, hacking tutorial, remote class loading, java, cve, ldap, ${java:ldap://liveoverflow.com}, in-depth, serialisation, debugging, enterprise java, log4j, jvm, log4shell, upgrade, maven, exploit demo, cve-2021-44228, java logging, vulnerability, log4j rce, object serialization, internals, how to hack, exploit tutorial, writeup, jndi, walkthrough, ldap server, zero day
Description: In this video we dig a layer deeper into Log4j. We get a quick overview of how Log4j parses lookup strings and find the functions used in WAF bypasses. Then we bridge the gap to format string vulnerabilities and figure out why the noLookups mitigation has flaws.

Part 1 - Hackers vs. Developers // CVE-2021-44228 Log4Shell: youtube.com/watch?v=w2F67LbEtnk
My lamest GitHub repo ever: github.com/LiveOverflow/log4shell

00:00 - Intro
00:38 - Chapter #1: Log4j Lookups in Depth Debugging
03:50 - Log Layout Formatters
06:56 - Chapter #2: Secure Software Design
09:21 - Chapter #3: Format String Vulnerabilities
13:58 - Chapter #4: noLookups Mitigation
15:15 - Final Words
15:42 - Outro

-=[ Support ]=-
- per Video: patreon.com/join/liveoverflow
- per Month: youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ Social ]=-
- Twitter: twitter.com/LiveOverflow
- Instagram: instagram.com/LiveOverflow
- Blog: liveoverflow.com
- Subreddit: reddit.com/r/LiveOverflow
- Facebook: facebook.com/LiveOverflow