Log4Shell PoC exploit and mitigation demo on Kubernetes
Demonstration of an RCE against the Log4Shell / CVE-2021-44228 vulnerability on a PoC Java EE app running on Kubernetes. I also go over a few mitigation steps you can take to reduce your exposure to this and other such exploits.
References mentioned in the video:
- GitHub repo used for the demo: https://github.com/snyk-labs/java-goof
- Snyk Log4Shell Resource Page: https://snyk.io/log4j-vulnerability-resources/
- Log4Shell Remediation Cheat Sheet: https://snyk.io/blog/log4shell-remediation-cheat-sheet
- Snyk Learn Log4Shell Lesson: https://learn.snyk.io/lessons/log4shell/java
- Kubernetes Security Context Cheat Sheet: https://snyk.io/blog/10-kubernetes-security-context-settings-you-should-understand/
- GitHub "Awesome Log4Shell" list repo: https://github.com/snyk-labs/awesome-log4shell
Tools used in the demo:
Docker Desktop: https://docs.docker.com/desktop/
Snyk helps software-driven businesses develop fast and stay secure. Continuously find and fix vulnerabilities for npm, Maven, NuGet, RubyGems, PyPI and more.
Learn more about Snyk http://bit.ly/snyk-io