#cybersecurity #log4j #exploit #java #jndi #securecoding

In this tutorial, I explain practical exploitation of the Log4j vulnerability and how to get a reverse shell from an impacted server. The tutorial uses the Kontra application security simulation lab.


Lab link
https://application.security/free-application-security-training/understanding-apache-log4j-vulnerability

Kontra URL
https://application.security/

For developers and cybersecurity people: a free step-by-step lab on how to exploit the Log4j vulnerability.


The vulnerability is serious, and state-sponsored hackers are already using it. The Belgian Defense Ministry confirms a cyberattack through Log4j exploitation; check this link:
https://www.zdnet.com/article/belgian-defense-ministry-confirms-cyberattack-through-log4j-exploitation/

Don't forget, the mitigation is to upgrade to version 2.17.0. Subscribe if you like.

After all, this is a quick video. I recommend opening the lab directly if you have experience; if you don't, follow my progress, but read the information and popup info carefully.



Chapters

00:00 Introduction - the new way of training for secure code and app security
01:10 Hands-on lab for Log4j exploitation on Kontra
01:20 Why web apps are more vulnerable
01:42 Accessing the Log4j exploit lab
13:05 Example of a malicious JAR file
14:30 JNDI exploitation framework
16:20 Netcat usage example for reverse shell
20:23 The end of the Kontra lab
21:00 Final thought: how to be secure through coding practices
