Log4Shell PoC exploit and mitigation demo on Kubernetes
Demonstration of a remote code execution (RCE) attack against the Log4Shell (CVE-2021-44228) vulnerability on a proof-of-concept Java EE app running on Kubernetes. I also go over a few mitigation steps you can take to reduce your exposure to this and similar exploits.
References mentioned in the video:
- GitHub repo used for the demo: https://github.com/snyk-labs/java-goof
- Snyk Log4Shell Resource Page: https://snyk.io/log4j-vulnerability-resources/
- Log4Shell Remediation Cheat Sheet: https://snyk.io/blog/log4shell-remediation-cheat-sheet
- Snyk Learn Log4Shell Lesson: https://learn.snyk.io/lessons/log4shell/java
- Kubernetes Security Context Cheat Sheet: https://snyk.io/blog/10-kubernetes-security-context-settings-you-should-understand/
- GitHub "Awesome Log4Shell" list repo: https://github.com/snyk-labs/awesome-log4shell
Tools used in the demo:
- Docker Desktop: https://docs.docker.com/desktop/
- Minikube: https://minikube.sigs.k8s.io/
- kubectl: https://kubernetes.io/docs/tasks/tools/#kubectl
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Learn more about Snyk http://bit.ly/snyk-io
📱Social Media📱
Twitter: https://twitter.com/snyksec
Facebook: https://www.facebook.com/snyksec
LinkedIn: https://www.linkedin.com/company/snyk
Website: https://snyk.io/