Log4J Exploit Explained: How it Works, In-Depth Examples, Mitigation, etc.

Log4J Exploit Explained: How it Works, In-Depth Examples, Mitigation, etc. | Log4Shell Vulnerability

Рет қаралды 8,402

Күн бұрын

1:1 Coaching & Resources/Newsletter Sign-up: withsandra.square.site/
Join our Discord :D - / discord
Patreon (Cyber/tech-career resources) ♡: / withsandra
Sign up for our email newsletter: withsandra.square.site/email-...
Hacker Merch: www.redbubble.com/people/Hack...
Ransomeware Attack: • Ransomeware Cyber Atta...
OWASP Top 10 Security Vulns: • Top 10 Web App Securit...
SOC Analyst: Explained: • What does a SOC Analys...
How I learned to Hack: • How I Learned How to H...
Career Q&A: • Career Q&A (Cyber Secu...
How I passed my Security+ certification exam: • How I Passed Security+...
Security engineers Vs Security analysts: • Cyber Security Analyst...
Coding/cyber bootcamps: Worth it?: • Can you Find a Job Wit...
Bug bounties for beginners: • How to Get Started wit...
How I Learned How to Code: • How I Learned How to C...
Highest paid tech jobs: • Highest Paying Jobs in...
How much does cyber security pay: • Cyber Security Pay | H...
Why you should learn to code: • Should You Learn How t...
Top 7 Coding Languages for Cyber Security: • Top 7 Coding Languages...
Watch next :) -
How to get your first cyber security job: • How to find an entry l...
Why go into cyber security: • Why go into Cyber Secu...
Why you shouldn’t go into cyber security: • Why You Shouldn’t Choo...
Resume That Got Me My First Cyber Security Job: • Critiquing My Resume |...
How to get started in cyber security with no experience: • How to get a job in cy...
Top 7 Skills for Cyber Security: • Top 7 Skills for Cyber...
Top 7 Cyber Security Conferences: • Top 7 Cyber Security C...
Security Analyst work vlog: • Video
Cyber Security Interview Prep: • Cyber Security Intervi...
Top 7 Jobs in Cyber Security: • Best Cyber Security Jo...
The SWE vs Cyber series:
Which should I choose - Cyber Security or Software Development?: • Choosing Between Softw...
Cyber Security vs Software Engineer: • Cyber Security vs Soft...
SWE Resume vs Cyber Security Resume: • Cyber Security vs Soft...
------------------
Hey there :) - thanks for watching!
I post videos every Wednesday and Sunday, please subscribe, like, and share if you enjoyed this video! It really supports me and if there are any videos you’d like to see from me, please feel free to drop it down in the comments below and I’ll try my best! ⇩♡
Support the channel ♡ : / withsandra
1:1 Coaching: withsandra.square.site/
Sign up for my email newsletter: withsandra.square.site/email-...
❈ Connect with me ❈
Vlog Channel: kzbin.info/door/eo2...
Blog: www.withlovesandra.com/
Twitch: / withlove_sandra
Advice for Ambition Podcast (Available on any podcast platform):
open.spotify.com/show/0TC8muD...
My handmade jewelry: www.etsy.com/shop/aimijewelry
❈ Filming Equipment ❈
Camera: amzn.to/3fh56mB
Vlogging Camera: amzn.to/3ocw03s
Phone Tripod: amzn.to/2BTAn0l
Ring Light Tripod: amzn.to/2YpNKgx
❈ All my favorite products ❈
www.amazon.com/shop/withlove....
Buy me a coffee: ko-fi.com/lovesandraxo
My amazon wishlist: www.amazon.com/hz/wishlist/ls...
❈ Discounts/Codes ❈
Robinhood free stock: join.robinhood.com/sandral7
Webull free stock: act.webull.com/n/AIpkhDAtMr2G...
Wealthfront $5,000 invested free www.wealthfront.com/invited/A...
Yotta Savings (100 free tickets) withyotta.page.link/nSa4S5yCY...
Music: www.bensound.com
Brand/collaboration inquiries: hello@withlovesandra.com
Disclaimer: This video is not sponsored. Some links are affiliate links which means I earn a small commission if anyone decides to purchase through them. Thank you so much for your support!
Timestamps:
Intro (0:00)
What exactly is log4j? (0:48)
Explaining the exploit (log4shell) (1:48)
How the attack works (technical) (5:52)
Example attack using log4shell (7:42)
Mitigations/patches for log4j (9:30)
Tags: log4j vulnerability explained,log4j vulnerability explained 2021,log4shell vulnerability explained,log4shell vulnerability,log4j vulnerability,what is log4j,what is the log4j vulnerability,what is log4shell,what is the log4shell vulnerability,log4j exploit explained,log4j exploit explained 2021,log4shell exploit explained,log4shell exploit,log4j exploit,what is log4j,what is the log4j exploit,what is log4shell,what is the log4shell exploit,log4shell exploit,understanding the log4j vulnerability,understanding the log4j exploit,biggest exploits of 2021,biggest vulnerabilities of 2021,biggest vulnerability of 2021,biggest exploit of 2021

Пікірлер: 50

@WithSandra 2 жыл бұрын

Has your org been affected by the log4j exploit? What are some other big exploits you’d like me to cover? 💻💡

@dmarshall5877 2 жыл бұрын

I have a question, is it essential for cybersecurity to learn how to build a website or software? or I just need to know how they work?

@tachometer-flac Жыл бұрын

Rockstar currently dealing with this issue. All this week many people playing GTA Online multiplayer have seen their characters stats modified such as money and level. Some people can't login. The launcher doesn't recognize their email. Rockstar Games sent out a Tweet that they are working on a fix.

@uncleelder4922 Жыл бұрын

I viewed about 6 videos on log4j before this one. This one so far is the most useful and concise

@chikaacholonu4613 2 жыл бұрын

I loved how you broke it down. I'd been trying to wrap my head around it for a week now...lol

@WithSandra 2 жыл бұрын

Thank you for watching Chika! Yeah same haha I’ve been working through it this week but really tried to understand how it worked step by step before making this video, appreciate your support!

@paulagiglio4461 2 жыл бұрын

This was a great explanation and very helpful. Thank you!

@WithSandra 2 жыл бұрын

Thank you Paula! Glad it was helpful :)

@vulnerabilitycsrf 2 жыл бұрын

Thanks for the simple explanation and explanation of attack vectors. How should I format my home office for entry level SOC analyst: two screens, RAM requirements, 1 TB of storage?

@themistoclesnelson2163 2 жыл бұрын

Thank you for the explanation :) I appreciate it is much shorter than the others.

@subhamroy5368 2 жыл бұрын

Thanks for the detailed video 🔥

@WithSandra 2 жыл бұрын

Thanks so much for watching! 😁

@indermatharu4671 2 жыл бұрын

Great explanation, thank you!

@WithSandra 2 жыл бұрын

Thanks so much for watching! :)

@seyznet7183 2 жыл бұрын

You’re so brilliant ❤️✨👏🏽

@WithSandra 2 жыл бұрын

Thanks so much for watching! :)

@yungjohnathan1188 2 жыл бұрын

Thorough explanation. Thanks 😎

@WithSandra 2 жыл бұрын

Thanks so much for watching! 😁😁

@bjkorb7272 2 жыл бұрын

Thanks for making this video!

@WithSandra 2 жыл бұрын

Np thanks so much for watching!😁

@craigheard2504 2 жыл бұрын

Thank U Sandra. Great explanation. 👍🏽.

@WithSandra 2 жыл бұрын

Thanks so much Craig! ☺️

@Thejaslane91 2 жыл бұрын

Glad you talked about this. Work has been atrocious this last week 🤯

@WithSandra 2 жыл бұрын

Thanks for watching Jas! And same here LOL.. everyone I talked to this past week was roped into this exploit in someway, hopefully its only uphill from here!

@gurvirsingh4190 2 жыл бұрын

Great explanation 🔥🔥

@WithSandra 2 жыл бұрын

Thank you Gurvir! 😁

@AlexiMinko-Legault Жыл бұрын

Would this exploit explain why JS scripts with contents exhibiting malicious to suspicious behavior (remote control executions, hook api calls, calls an API to take screenshot etc...) might appear out of nowhere on a computer via drive accounts?

@melvinpatomendoza 2 жыл бұрын

Thanks!

@WithSandra 2 жыл бұрын

Thanks so much for watching Melvin! 😁

@ankhcreations 2 жыл бұрын

Thanks for sharing

@WithSandra 2 жыл бұрын

Thanks so much for watching Andre! 😁

@johnczech7074 2 жыл бұрын

This was really interesting. Thank you beautiful lady and hope you guys are doing well!

@WithSandra 2 жыл бұрын

Thank you so much for watching John! Appreciate your support as always :)

@ramiabed6716 2 жыл бұрын

nice content , i have 5+ experience in IT support with sec+ network+ and ccna certificates , ist enough to get me started with cyber security ?

@johnwale5951 2 жыл бұрын

Aren’t you already qualified lol??

@dx31900 2 жыл бұрын

What solutions you guys are using to prevent this?

@WithSandra 2 жыл бұрын

Hi Muhammad, thanks for watching! The best recommendation is to download the latest patch from Apache

@jerryasagba7352 2 жыл бұрын

I would Love to watch you stream, but great video

@WithSandra 2 жыл бұрын

Thanks so much for watching Jerry! :) Appreciate your support, and might consider streaming sometime next year haha

@rujotheone 2 жыл бұрын

This reminds me of shellshock. Simple but devastating

@WithSandra 2 жыл бұрын

I agree! The worse part of it all is how easy it is for someone to point it to some malicious code they’re hosting at some url. Thanks so much for watching!

@rujotheone 2 жыл бұрын

@@WithSandra Welcome. If you really think about it, the exploit exists at the interface between two tech stacks . One wonders which other exploits can be created this way; by exploiting interfaces between 2 different technologies which independently are not insecure