Welcome to the comment section! I hope this video was useful for you. If it was, make sure to leave a like and check out other videos about real-world vulnerabilities on my channel!
I found the Log4J in my client-site (confirmed), I can extract small data via DNS Exfiltrate technique according to your video. Then I try to setup LDAP to get reverse shell, the site can contact to my LDAP but it always get stuck, and I cannot even get reverse shell or create a file in the server. What's the reason?
I just wonder if the log4j library has been used by Oracle (sic) developers in java JVM(JDK) development and has the whole Java ecosystem been compromised? Maybe? Eh? Could it?
Welcome to the comment section! I hope this video was useful for you. If it was, make sure to leave a like and check out other videos about real-world vulnerabilities on my channel!
I never miss a video. Great effort.
Very nice overview. I've consulted several resources and this one makes it very clear. Thanks.
That's wonderful to hear!
great explanation!
That was an awesome stuff my dear friend.
it was!
really great 💥💥💥💥
I found the Log4J in my client-site (confirmed), I can extract small data via DNS Exfiltrate technique according to your video. Then I try to setup LDAP to get reverse shell, the site can contact to my LDAP but it always get stuck, and I cannot even get reverse shell or create a file in the server. What's the reason?
yooooooooooo I've been waiting for this
Me too, luckily this time I managd to publish it before new bypasses were found
Really nicely explained👍
thanks!
Amazing video! Wow great stuff I appreciate it
Thank you!
Best explanation out there
Great to hear!
keep going bro..🔥🔥
I will🔥
Could I ask about why my server fetch the java class and execute it?
Cause of unserialize?
or others reason?
It's a feature of JNDI to fetch the java class and execute it
Nice. Do you have any info about the recent CVE-2021-45105? It recommends to update log4j to 2.17.0
I mentioned it in 08:11
I just wonder if the log4j library has been used by Oracle (sic) developers in java JVM(JDK) development and has the whole Java ecosystem been compromised? Maybe? Eh? Could it?
Luckily it's not that terrible
Cool bro.
Nyc Video Sir 👍
Thanks👍
this epic 🔥
🔥
Log4j vulnerability creator??
Chen Zhaojun from Alibaba Cloud Security Team
Good
I want to contact you for business purpose, any email id? , Unable to contact you on twitter
hi. Channel page > About > For business enquiries