Channel: LiveOverflow
Category: Education
Tags: minecraft, liveoverflow, logger, update, blog, ladps, log4shell demo, java deserialization, exploit walkthrough, rmi, live overflow, hacking tutorial, remote class loading, cve, java, ldap, ${java:ldap://liveoverflow.com}, in-depth, serialisation, enterprise java, log4j, jvm, log4shell, upgrade, maven, cve-2021-44228, java logging, log4j rce, vulnerability, javaee, log4j2, object serialization, exploit tutorial, how to hack, objctstream, writeup, jndi, walkthrough, ldap server, exploit, zero day
Description: Let's try to make sense of the Log4j vulnerability called Log4Shell. First we look at the Log4j features and JNDI, and then we explore the history of the recent Log4Shell vulnerability. This is part 1 of a two-part series on Log4j.

Log4j issues:
2013: issues.apache.org/jira/browse/LOG4J2-313
2014: issues.apache.org/jira/browse/LOG4J2-905
2017: issues.apache.org/jira/browse/LOG4J2-2109

Log4j 2 Security: logging.apache.org/log4j/2.x/security.html
German Government Warning: bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-549032-10F2.pdf?__blob=publicationFile&v=3
Cloudflare: blog.cloudflare.com/exploitation-of-cve-2021-44228-before-public-disclosure-and-evolution-of-waf-evasion-patterns
A Journey from JNDI/LDAP Manipulation to Remote Code Execution Dream Land (slides): blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf
Whitepaper: blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf

---

00:00 - Intro
01:05 - BugBounty Public Service Announcement
02:23 - Chapter #1: Log4j 2
03:38 - Log4j Lookups
04:15 - Chapter #2: JNDI
06:01 - JNDI vs. Log4j
06:35 - Chapter #3: Log4Shell Timeline
07:33 - Developer Experiences Unexpected Lookups
09:51 - The Discovery of Log4Shell in 2021
11:08 - Chapter #4: The 2016 JNDI Security Research
11:56 - Java Serialized Object Features
13:27 - Why Was The Security Research Ignored?
14:44 - Chapter #5: Security Research vs. Software Engineering
16:49 - Final Words and Outlook to Part 2
17:23 - Outro