BOOK THIS SPACE FOR AD
ARTICLE ADSo you might have heard of the log4j vulnerability (lol). If you’ve read the initial proof of concepts/general information that rushed out at first - in most cases it all point you in the same direction…
Data exfiltration via DNS lookups: most of the time this means sending a JNDI request that resolves an environmental variable before placing it in the “subdomain” position of a URL where DNS lookups are being watched. The main three things that I got out of this were hostname, username, and java version. This…