Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046
After the log4shell (CVE-2021-44228) vulnerability was patched with version , another CVE was filed. Apparently log4j was still vulnerable in some cases to a denial of service. However it turned out that on some systems, the issue can still lead to a remote code execution. In this video we use the Java fuzzer Jazzer to find a bypass.
Jazzer Java Fuzzer:
Anthony Weems:
00:00 - Intro
00:54 - Chapter #1: The New CVE
03:38 - Chapter #2: Disable Lookups
05:43 - Chapter #3: Vulnerable log4j Configs
07:52 - Chapter #4: The Remote Code Execution
10:53 - Chapter #5: Parser Differential
12:57 - Chapter #6: Differential Fuzzing
16:07 - Chapter #7: macOS Only
18:15 - Chapter #8: Increase Impact
19:03 - Summary
19:58 - Outro
-=[ ❤️ Support ]=-
→ per Video:
→ per Month:
-=[ 🐕 Social ]=-
→ Twitter:
→
1 view
0
0
3 months ago 00:20:22 1
A guitar for ANTS? (Flight Pathfinder Electric Ukulele + Jet Guitars JS-450)