#cybersecurity #log4j #exploit #java #jndi #securecoding
In this tutorial, I explain practical exploitation of the Log4j vulnerability and how to get a reverse shell on an impacted server. This tutorial uses the Kontra application security simulation lab.
Lab link
https://application.security/free-application-security-training/understanding-apache-log4j-vulnerability
Kontra URL
https://application.security/
For developers and cybersecurity people: a free step-by-step lab on how to exploit the Log4j vulnerability.
The vulnerability is serious, and state-sponsored hackers are already using it. The Belgian Defense Ministry confirms a cyberattack through Log4j exploitation; check this link:
https://www.zdnet.com/article/belgian-defense-ministry-confirms-cyberattack-through-log4j-exploitation/
Don't forget, the mitigation is to upgrade to version 2.17.0. Subscribe if you like.
After all, this is a quick video. I recommend opening the lab directly if you have experience; if you don't, follow my progress, but read the information and popup info wisely.
Contact us
Telegram
https://t.me/techvortex
Facebook Group
https://www.facebook.com/groups/1012323126181044
Facebook Page
https://www.facebook.com/techvortex.official
Chapters
00:00 Introduction - the new way of training for secure code and app security
01:10 Hands-on lab for Log4j exploitation on Kontra
01:20 why web apps are more vulnerable
01:42 accessing the log4j exploit lab
13:05 example of malicious jar file
14:30 JNDI exploitation framework
16:20 Netcat usage example for reverse shell
20:23 the end of Kontra lab
21:00 final thought, how to be secure through coding practices