Easy Log4J Exploit Detection with CanaryTokens | HakByte

Published at : 23 Dec 2025

On this episode of HakByte, @AlexLynd demonstrates how to test whether web applications are vulnerable to Log4Shell, using CanaryTokens. This video is sponsored by PCBWay, whose PCB manufacturing & assembly services can be found at https://www.pcbway.com/.

Links:

Alex's Demo: https://github.com/AlexLynd/log4j-shell-poc
Kozmer's Demo: https://github.com/Kozmer/log4j-shell-poc

Alex's Twitter: https://twitter.com/AlexLynd
Alex's Website: http://alexlynd.com
Alex's GitHub: https://github.com/AlexLynd

Chapters:
00:00 Intro @AlexLynd
00:15 What is Log4J?
00:23 What is Log4Shell?
00:58 CanaryTokens + Tools You'll Need
01:22 PCBWay Manufacturing Services
01:35 Register Log4Shell CanaryToken
03:05 Log4J Vulnerability Explained
03:42 Vulnerable WebApp Setup
06:05 User Agent Strings
08:05 Modifying the Browser User Agent
08:40 Testing the Log4Shell Vulnerability
09:34 CanaryTokens Log4Shell Monitor
10:48 Log4Shell String Explained
12:48 Outro

Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community – where all hackers belong.