Welcome to this lab guide for the Log4j vulnerability. This workshop was given at CircleCityCon 2022 and referenced at Suricon 2022. Please enjoy!
The entirety of the instructions will be available in this GitHub Repo. To save a copy for reference:
git clone https://github.com/Oofles/Log4j-workshop.git
Please choose one of the available options!
With this option, everything is setup and configured for you! This environment also contains two machines so you can see the attack working across endpoints.
-
Create a free (No credit card required) Pluralsight Account via this link: Click Here!
-
Navigate to the Lab: Log4j Vulnerability Lab: Emulation and Detection
With this option, you bravely choose to set this up on your own laptop!
Prerequisites:
- Linux machine or VM is preferred
- ~4GB of free RAM
- Docker
- tcpdump
- Suricata
- Pull down the containers:
docker pull oofles/log4shell-ldap-server
docker pull oofles/vuln-log4j-app
- Start the vulnerable web application (This will be hosted on port 8080 by default)
sudo docker run -d --name vulnapp2 --network host oofles/vuln-log4j-app
- All other instructions will be very similar, with minor modifications for your file system, IPs, and ports.
The instructions for the various modules are below:
- 1-Setup Network Detections
- 2-Setup Malicious LDAP Server and POC
- 3-Upgrade to a Reverse Shell
- 4-Analysis and Detection
A shorter presentation was given at Suricon with more of a focus on Suricata. A quick reference including all the commands used can be found here: