2021-12-24

[public] 46.9K views, 3.28K likes, dislikes audio only

LiveOverflow

In this video we dig a layer deeper into Log4j. We get a quick overview how Log4j is parsing lookup strings and find the functions used in WAF bypasses. Then we bridge the gap to format string vulnerabilities and figure out why the noLookups mitigation has flaws.

Part 1 - Hackers vs. Developers // CVE-2021-44228 Log4Shell: /youtube/video/w2F67LbEtnk

My lamest GitHub repo ever: https://github.com/LiveOverflow/log4shell

--

00:00 - Intro

00:38 - Chapter #1: Log4j Lookups in Depth Debugging

03:50 - Log Layout Formatters

06:56 - Chapter #2: Secure Software Design

09:21 - Chapter #3: Format String Vulnerabilities

13:58 - Chapter #4: noLookups Mitigation

15:15 - Final Worlds

15:42 - Outro

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow

→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/

→ Instagram: https://instagram.com/LiveOverflow/

→ Blog: https://liveoverflow.com/

→ Subreddit: https://www.reddit.com/r/LiveOverflow/

→ Facebook: https://www.facebook.com/LiveOverflow/