On The Many Habitats, Hiding Places, and Known Camouflages of Apache Log4J - Julius Musseau

Name: On The Many Habitats, Hiding Places, and Known Camouflages of Apache Log4J - Julius Musseau
Uploaded: 2022-07-11
Duration: 52 min 40 s
Description: Vulnerable Log4J versions should be easy to identify, right? There are only 30 published versions of Log4J that are actually vulnerable to the incredible CVE-2021-44228 vulnerability. How hard can it be to identify (and exterminate!) versions of this mischievous Java library on our file systems? In

BSides Vancouver52:4064 viewsPublished 2022-07Watch on YouTube ↗

About this talk

Vulnerable Log4J versions should be easy to identify, right? There are only 30 published versions of Log4J that are actually vulnerable to the incredible CVE-2021-44228 vulnerability. How hard can it be to identify (and exterminate!) versions of this mischievous Java library on our file systems? In this talk Julius will show how things are not quite as simple as one would hope, and how Log4J can come in many different shapes and forms, defeating scan and identification attempts.

On The Many Habitats, Hiding Places, and Known Camouflages of Apache Log4J - Julius Musseau

Related talks