[0x8] Log4shell memos
By whois

December 18, 2021 | 10 min read

Log4shell logo

Image source: Kevin Beaumont, Twitter

On Friday the 10th of December 2021, the internet was set on fire. Or, technically, the internet was full of flammable material and someone handed out matches to everyone on that day. In this blog post, I will present my thoughts about the case.

TL;DR

  • Do not flame the developers of Log4j or open-source stuff in general for this issue
  • Always use the newest version of Log4j
    • If patching or mitigating is not possible in the short term, organizations should consider taking down the vulnerable service until it has been fixed
  • Use default-deny for outbound traffic
  • Assume breach
  • Happy hunting!

What’s Log4shell and why is everyone buzzing about it?

Log4shell is a vulnerability found in versions 2.X of Log4j. The vulnerability is easy to exploit and allows an attacker to run their own code on the target system (Remote Code Execution, RCE). The seriousness of the Log4shell vulnerability cannot be exaggerated.