#+HashtagPLUS
In

Menu

A Log4j Retrospective Part 2: Data Exfiltration and Remote Code Execution Exploits
📰
0

A Log4j Retrospective Part 2: Data Exfiltration and Remote Code Execution Exploits

Akamai·Charlie Gero·about 1 month ago
#WN28Mzc7
#security#iot#threats#log4j#lot#example
Reading 0:00
15s threshold

Data exfiltration \n In  Part 1 , we covered the background for the vulnerability. Now, let’s dig into the actual exploits. As mentioned in the previous post, JNDI allows not only querying of local data within the Java Runtime Environment, but also remote systems such as DNS and LDAP. By combining JNDI, remote systems, the env lookup, and nesting, a payload can be created that, when placed into text that is meant to be logged, results in data exfiltration. \n"}}"> Data exfiltration In  Part 1 , we covered the background for the vulnerability. Now, let’s dig into the actual exploits. As mentioned in the previous post, JNDI allows not only querying of local data within the Java Runtime Environment, but also remote systems such as DNS and LDAP. By combining JNDI, remote systems, the env lookup, and nesting, a payload can be created that, when placed into text that is meant to be logged, results in data exfiltration.…

Continue reading — create a free account

Join HashtagPLUS to read full articles, follow hashtags, vote, and join the conversation.

Create free accountLog in
Read More