Log4j (CVE-2021-44228) RCE Vulnerability Explained

Walking through how the log4j CVE-2021-44228 remote code execution vulnerability works and how it's exploited.
Comments

You saying "just came out a few days ago" makes it sound like a fun new game just got released haha

mint

It's my first week working in a cyber security environment professionally. Trying to get a grasp on my organization's infrastructure while trying to help with the log4j vuln has been a real trial by fire lol. Always enjoy your content!

djmagee

I love how you actually demonstrate the vulnerability and not just talk about it, like what most others are doing. Keep it up mate, you've got my Subscribe!

ltsmash

Clicking various links for 30 minutes, trying to understand the issue, and you explain it in less than 4. Thank you!

brianrdetweiler

With videos out there in 20+ mins and you here with less than 4 mins explaining it so clearly, I know which video to click from next time.

badashgr

Thanks Marcus. I appreciate your ability to explain a vulnerability like this and demo it in a really understandable way.

AlphaZeroOmega

The ${…} syntax is not part of Java - it’s solely a Log4j syntax. (If it were part of java there would have been no problem, as it would have been evaluated at compile-time, not run-time)

zaitarh

I had a problem understanding this for days and you explained it in under 4 mins. You're amazing Marcus 👏❤️

romanxyz

First time understanding what this means. Thanks.

DavisTibbz

the variable thing in a string is called string interpolation my dude!

sniGGandBaShoR

Greetings from Indonesia, I really admire you, and you are great. I'm just a beginner who wants to learn like you from the bottom

FloresMenyapa

I work in IT and the last week or two has been absolutely mental thanks to this

Svalbaz

I can't believe that it is that simple. The first thing you learn is always to control the input that is given. That is why you won't just take the given SQL command and execute it. To think that log4j didn't sanitise their input is just CRAZY. That's a one liner, my god...

tapion

"versatile" is the key word for this vulnerability.
thanks for explaining! :)

lofman

Always cool to see a Marcus video out on a new vuln!

kosmonautofficial

Very well explained. Good video Marcus!

Swing

This explanation is so cool! I’ve been hearing about the vulnerability but nobody took the time to explain it this way. Thank you! :)

andresromerodev

Thanks for such a layman's explanation, I was able to grasp it.

Burgundy_towel

Better than Java Brains' log4j explanation, now I understand

manideepkumar

One of the best explanations with a practical demo. Thank you.

abhilpnYT