it's always nice to see very knowledgeable people shine light on a topic to get rid of some unnecessary fear

Thanks marcus I always learn new things from you! You are the best!

Thank you for sharing your insights regarding a log4j worm.

Great video! Amazing explanation to be able to explain things like these so clearly!

That's actually a really good explanation. Kudos to you

Great explanation! I just stumbled upon this and love how you makie it so easy to understand.

Great explanation as always Bellerophon

Perfect explanation.

thanks for the info marcus

Great video! Thank you so much. 😀👍

Awesome informative video!! 👍👍👍

What a great video! 👍

marcus is there anything you can't do?!! these vids are brilliant!

Good one .... it is good have you on youtube and active

Great video. What do I need to do with my custom exe to bypass most AV softwares possible? I am ready for your instructions :)

Thanks

Thanks, that's helpful. My thinking on this, much of which you already covered, is that the target space is too heterogenous for a worm to be effective, and there are not enough of any particular target to be useful. As well, most vulnerable servers do not use priveleged accounts. Some environments that expose (for instance) a vulnerable Splunk server could then have their internal Splunk servers compromised, which has concerned some security teams. Mostly compromises would ve for 'positional access' - a stepping stone to the rest of the environment. Limiting this is that most vulnerable software should not be running in a privileged account, so local privilege escalation is not a given. That hopefully sets the bar too high for many ransomware access brokers, but not nation states or similar. Perhaps it's plausible that this might be used to wipe logging systems after an event?

Also lot of the exploits (like the one you analyzed) use a poor exploit chain (class factory which does not work on newer java runtime or does depend on specific gadget chains)

When are you guys gonna do another zoom chat? I miss you all. Hope all is well

Not sure what you are using for noise reduction, but I'd turn it off or toggle it down. It makes your pauses completely silent and it makes it seem choppy. But aside from that, awesome Vid as always! Much love!

I would like to upvote, but it's az 69, which describes the video perfectly. :D Great explainer.

nice

you should look into getting an agent and doing like a netflix show!

ty are you back to post reverse engineering vids pleas ?

Thank you. I can make the ultimate worm now!

Unfortunately the human psyche wants to do things because it can, to see its results, not always because it may or may not be effective.

The thumbnail needs bolder text. Very nice video tho

Happe..

the worm doesn't need to be there for the state agencies to take severe mitigation measures, and those measures themselves would cause the problem

A vun for the script kiddies, to deface websites like it was the 00s W.O.H style.