Log4shell, Log4j exploit or Log4what, is that a new crossfit trend?
Description
Today’s episode covers the vulnerability affecting the Java logging package Log4j. This episode took a little longer to make than expected due to its complexity. The links below were used to create the episode.
TryHackMe’s Solar, exploiting log4j https://tryhackme.com/room/solar
The Log4J Vulnerability Will Haunt the Internet for Years https://www.wired.com/story/log4j-log4shell/
Huntress Log4Shell Vulnerability Tester https://log4shell.huntress.com/
Apache logging services https://logging.apache.org/
The Apache Software Foundation https://www.apache.org/
USB our Guest - Episode 22 Updates - https://anchor.fm/usbog/episodes/Software-Updates-emgnsh
Log4j Attack surface - https://github.com/YfryTchsGD/Log4jAttackSurface
Log4j - Apache Log4j Security Vulnerabilities - https://logging.apache.org/log4j/2.x/security.html
JDBC Appender https://logging.apache.org/log4j/2.x/manual/appenders.html#JDBCAppender
What is JDBC? https://www.ibm.com/docs/en/informix-servers/12.10?topic=started-what-is-jdbc
Lesson: Overview of JNDI https://docs.oracle.com/javase/tutorial/jndi/overview/index.html
W3Schools - Addressing https://www.w3.org/Addressing/URL/uri-spec.html
---
In this video Episode of USB our Guest, I Phish myself Repeatedly.
Today I wanted to do something a little different and something I've wanted to do for a while. I'm getting phished, repeatedly. I'm going to show you multiple legitimate login screens next to spoofed login screens that actually...
Published 11/18/22