Today’s episode covers the vulnerability affecting Java logging package, Log4j. This episode took a little longer to make than expected due to its complexity. Please see links below used to create the episode.

TryHackMe’s Solar, exploiting log4j https://tryhackme.com/room/solar

The Log4J Vulnerability Will Haunt the Internet for Years https://www.wired.com/story/log4j-log4shell/

Huntress Log4Shell Vulnerability Tester https://log4shell.huntress.com/

Apache logging services https://logging.apache.org/

The Apache Software Foundation https://www.apache.org/

USB our Guest - Episode 22 Updates - https://anchor.fm/usbog/episodes/Software-Updates-emgnsh

Log4j Attack surface - https://github.com/YfryTchsGD/Log4jAttackSurface

Log4j - Apache Log4j Security Vulnerabilities - https://logging.apache.org/log4j/2.x/security.html

JDBC Appender https://logging.apache.org/log4j/2.x/manual/appenders.html#JDBCAppender

Apache Log4j Security Vulnerabilities https://logging.apache.org/log4j/2.x/security.html

What is JDBC? https://www.ibm.com/docs/en/informix-servers/12.10?topic=started-what-is-jdbc

Lesson: Overview of JNDI https://docs.oracle.com/javase/tutorial/jndi/overview/index.html

W3Schools - Addressing https://www.w3.org/Addressing/URL/uri-spec.html

Amazon Affiliate link - https://amzn.to/3rpF5KI

---

Send in a voice message: https://podcasters.spotify.com/pod/show/usbog/message