
Looking behind the immediate pain of Java’s now infamous logging library Log4j:

  • How do the vulnerabilities work, and how can they be exploited? Also, how critical are they in reality?
  • Why are they relatively complex to detect and evaluate, both in custom and off-the-shelf software?
  • What does it mean for a widely used product like Elasticsearch?
  • How can you monitor exploitation attempts?

PS: Full blog post for Log4Shell and Elasticsearch.