Log4Shell — Simple Technical Explanation of the Exploit

Background

Why Logs are Vulnerable

Log4Shell

Log4j Lookups

JNDI and Lookups

Local Vs. LDAP

Log4Shell Payload — Attack Flow

I love to learn, build and break things. Head of Security Research @ Traceable.ai; Security Consultant @ Tangent Logic

Inon Shkedy
