it's always nice to see very knowledgeable people shine light on a topic to get rid of some unnecessary fear
@stoff1980 2 years ago
Yup always good to see a banking malware author talk about malware and vulns etc
@ko-Daegu 2 years ago
@@stoff1980 didn't fbi kidnapped him and said they didn't until later said it's cuz they are investigating so why not lied once lie again
@itsme7570 2 years ago
@@stoff1980 what banking malware did he write?
@eldiablopotato 2 years ago
Thank you for sharing your insights regarding a log4j worm.
@malwareanonymous6282 2 years ago
Thanks Marcus I always learn new things from you! You are the best!
@atsurao 2 years ago
Great video! Amazing explanation to be able to explain things like these so clearly!
@adamsnetiker 10 months ago
Great explanation! I just stumbled upon this and love how you make it so easy to understand.
@ThePurpleTux 2 years ago
That's actually a really good explanation. Kudos to you
@terranovatech8672 2 years ago
Not sure what you are using for noise reduction, but I'd turn it off or toggle it down. It makes your pauses completely silent and it makes it seem choppy. But aside from that, awesome Vid as always! Much love!
@MalwareTechBlog 2 years ago
Dunno, will have to look through my settings to see if I can find what's doing that
@chauh8401 2 years ago
Marcus is there anything you can't do?!! these vids are brilliant!
@tonybutt2864 2 years ago
Thanks, that's helpful. My thinking on this, much of which you already covered, is that the target space is too heterogeneous for a worm to be effective, and there are not enough of any particular target to be useful. As well, most vulnerable servers do not use privileged accounts. Some environments that expose (for instance) a vulnerable Splunk server could then have their internal Splunk servers compromised, which has concerned some security teams. Mostly compromises would be for 'positional access' - a stepping stone to the rest of the environment. Limiting this is that most vulnerable software should not be running in a privileged account, so local privilege escalation is not a given. That hopefully sets the bar too high for many ransomware access brokers, but not nation states or similar. Perhaps it's plausible that this might be used to wipe logging systems after an event?
@robertandrewww 2 years ago
Great explanation as always Bellerophon
@berndeckenfels 2 years ago
Also a lot of the exploits (like the one you analyzed) use a poor exploit chain (class factory which does not work on newer Java runtime or does depend on specific gadget chains)
@raghvendramishr 2 years ago
Perfect explanation.
@adambrown3918 2 years ago
Great video! Thank you so much. 😀👍
@himashhimash6017 2 years ago
Good one .... it is good to have you on youtube and active
@amberrose6978 2 years ago
When are you guys gonna do another zoom chat? I miss you all. Hope all is well
@alex_lamarche 2 years ago
thanks for the info Marcus
@fwiii1831 2 years ago
Great video. What do I need to do with my custom exe to bypass most AV softwares possible? I am ready for your instructions :)
@calebbenson7293 2 years ago
What a great video! 👍
@atlasfenix6995 2 years ago
Awesome informative video!! 👍👍👍
@chauh8401 2 years ago
you should look into getting an agent and doing like a netflix show!
@th30c0der3 2 years ago
ty are you back to post reverse engineering vids please?
@graemepennell 2 years ago
Unfortunately the human psyche wants to do things because it can, to see its results, not always because it may or may not be effective.
@Versuffe 2 years ago
Thank you. I can make the ultimate worm now!
@nagi603 2 years ago
I would like to upvote, but it's at 69, which describes the video perfectly. :D Great explainer.
@polonia66 2 years ago
Thanks
@pauljones9150 2 years ago
The thumbnail needs bolder text. Very nice video tho
@pauljones9150 2 years ago
And the text shouldn't double the video title.
@liamowen 2 years ago
A vun for the script kiddies, to deface websites like it was the 00s W.O.H style.
@MrHappy-hs6sn 2 years ago
nice
@oa9842 2 years ago
the worm doesn't need to be there for the state agencies to take severe mitigation measures, and those measures themselves would cause the problem