What do you need to know about the log4j (Log4Shell) vulnerability?

Channel:

SANS Cyber Defense

Subscribers:

23,600

Published on December 14, 2021 6:03:18 AM ● Video Link: https://www.youtube.com/watch?v=496R1c7ENVs

Category:

Vlog

Duration: 44:55

4,477 views

A Remote Code Execution (RCE) vulnerability in the popular log4j library was published yesterday.

While any RCE vulnerability sounds bad, this one is particularly nasty because it affects absolutely any application (server and client-side) that uses a vulnerable version of the log4j library.

In this live stream, we'll go over exploitation details and will see what blue teams can do to detect the attack and protect their environments.

Access slides and other details here:
https://www.sans.org/blog/what-do-you-need-to-know-about-the-log4j-log4shell-vulnerability/

#cyber #cybersecurity #vulnerabilities #log4j #rce #remotecodeexecution #blueteaming #blueteam #blueteams #cyberattack

Other Videos By SANS Cyber Defense

2022-03-17	Lifting the Fog: Exploring Maritime OSINT
2022-03-11	Visualizing TensorFlow Models: Part II
2022-03-04	SOC Alert Tuning and False Positive Reduction: Setting Yourself Up for Success
2022-03-03	Defenders: What to do NOW if expecting nation state attackers
2022-02-18	Visualizing TensorFlow Models: Part I
2022-02-04	Visualizing TensorFlow Models: Part 1
2022-01-21	Visualizing How CNNs See Images
2022-01-21	PowerShell 2022: State of the Art / Hack / Infection
2022-01-14	All-Around Defenders: New Year, New Start
2022-01-07	Applying DS/ML to Forensics and Incident Response: An Interview with Jess Garcia
2021-12-13	What do you need to know about the log4j (Log4Shell) vulnerability?
2021-11-22	Get to Know SANS Instructor and SEC586 Course Author Josh Johnson
2021-11-22	Bringing the Sexy Back to Blue Team, with Eric Conrad and Seth Misener
2021-11-17	Modern Authentication for the Security Admin
2021-11-15	DeTT&CT(ing) Kubernetes ATT&CK(s) with Audit Logs
2021-11-13	Ransomware Preparation, Containment and Recovery Strategies
2021-11-12	Building on the Foundations of OSINT with SEC587: Advanced Open-Source Intelligence
2021-11-12	AI & ML in the Modern SOC
2021-11-11	YARA for Mere Mortals
2021-11-09	Threat Sightings: The Power of Observation for Driving Cyber Threat Detection Improvements
2021-11-07	Blue-Team-as-Code: Lessons From Real-world Red Team Detection Automation Using Logs

Tags:

log4j

log4j vulnerability

log4j exploit

log4j vulnerability explained

log4j exploit explained

Log4Shell

log4shell vulnerability

log4shell explained

Channel	Latest
domisumReplay: Malphite	6 hours ago
Vithy	7 hours ago
Vitor Hugo 🐻	7 hours ago
Garena RoV Thailand	7 hours ago
Dean Fraiser	7 hours ago
World Gamers	7 hours ago
Professor Gaming	7 hours ago
Ara Games	7 hours ago
ReyDiiOrNot	8 hours ago
Panoramic 29	8 hours ago
serratus gaming	8 hours ago
ASMR AI	8 hours ago
Tedi Budiman	8 hours ago
SDN GARDU PATOKBEUSI	8 hours ago
Gd sajan	9 hours ago
Jankos	9 hours ago
DouglasGeO	9 hours ago
sute rider	9 hours ago
ExternalHyper	9 hours ago
Hart Gaming	9 hours ago
Jerick Sonnn	9 hours ago
Aa AHEN	9 hours ago
Kuchiro, Arrogante!	9 hours ago
arlon colon	9 hours ago
Tongbos_EN	9 hours ago