On this episode of HakByte, @AlexLynd demonstrates how to test if web applications are vulnerable to the Log4Shell exploit, using CanaryTokens. This video is sponsored by PCBWay, whose PCB manufacturing & assembly services can be found over at www.pcbway.com/.
Links:
Alex's Demo: github.com/AlexLynd/log4j-she...
Kozmer's Demo: github.com/Kozmer/log4j-shell...
Alex's Twitter: / alexlynd
Alex's Website: alexlynd.com
Alex's GitHub: github.com/AlexLynd
Chapters:
00:00 Intro @AlexLynd
00:15 What is Log4J?
00:23 What is Log4Shell?
00:58 CanaryTokens + Tools You'll Need
01:22 PCBWay Manufacturing Services
01:35 Register Log4Shell CanaryToken
03:05 Log4J Vulnerability Explained
03:42 Vulnerable WebApp Setup
06:05 User Agent Strings
08:05 Modifying the Browser User Agent
08:40 Testing the Log4Shell Vulnerability
09:34 CanaryTokens Log4Shell Monitor
10:48 Log4Shell String Explained
12:48 Outro
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
Our Site → www.hak5.org
Shop → hakshop.myshopify.com/
Subscribe → ru-vid.com...
Support → / threatwire
Contact Us → / hak5
Threat Wire RSS → shannonmorse.podbean.com/feed/
Threat Wire iTunes → itunes.apple.com/us/podcast/t...
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong.
7 Jul 2024