Understanding Log4j through Exploitation
Log4j It was December 9, 2021. I was working as a Vulnerability Management Consultant working for X-Force Red. Suddenly, it was all hands on deck. A new vulnerability had hit the scene and it was EXPLOSIVE. Log4j was a little logging library that java used and it was in EVERYTHING. All of our clients had it and they were worried. We spent weeks working with each of our POC’s (Point of Contact) and helping them identify their vulnerable machines. ...