
Looking behind the immediate pain of Java’s now infamous logging library Log4j:

  • How do the vulnerabilities work, and how can they be exploited? Also, how critical are they in reality?
  • Why are they relatively complex to detect and evaluate in both custom and off-the-shelf software?
  • What does it mean for a widely used product like Elasticsearch?
  • How can you monitor exploitation attempts?

PS: Full blog post for Log4Shell and Elasticsearch.