Easy Log4J Exploit Detection with CanaryTokens | HakByte
Hak5

Published on Dec 30, 2021

On this episode of HakByte, @AlexLynd demonstrates how to test if web applications are vulnerable to the Log4Shell exploit, using CanaryTokens. This video is sponsored by PCBWay, whose PCB manufacturing & assembly services can be found over at https://www.pcbway.com/.

Links:

Alex's Demo: https://github.com/AlexLynd/log4j-she...
Kozmer's Demo: https://github.com/Kozmer/log4j-shell...

Alex's Twitter:   / alexlynd  
Alex's Website: http://alexlynd.com
Alex's GitHub: https://github.com/AlexLynd

Chapters:
00:00 Intro @AlexLynd
00:15 What is Log4J?
00:23 What is Log4Shell?
00:58 CanaryTokens + Tools You'll Need
01:22 PCBWay Manufacturing Services
01:35 Register Log4Shell CanaryToken
03:05 Log4J Vulnerability Explained
03:42 Vulnerable WebApp Setup
06:05 User Agent Strings
08:05 Modifying the Browser User Agent
08:40 Testing the Log4Shell Vulnerability
09:34 CanaryTokens Log4Shell Monitor
10:48 Log4Shell String Explained
12:48 Outro

-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆
Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
Our Site → https://www.hak5.org
Shop → http://hakshop.myshopify.com/
Subscribe → https://www.youtube.com/user/Hak5Darr...
Support →   / threatwire  
Contact Us →   / hak5  
Threat Wire RSS → https://shannonmorse.podbean.com/feed/
Threat Wire iTunes → https://itunes.apple.com/us/podcast/t...
-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆-----☆

____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award-winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.
