On this course we will learn about what Log4Shell vulnerabilities are and how to identify and exploit this vulnerabilities in a security assessment point of view.
--> We start by learning the theoretical concepts about this vulnerability.
--> Then, we are going to create our hacking lab with virtualized environments. Here, we will use Oracle Virtual Box to create 3 virtual machines. The first virtual machine will be running Kali Linux and it will be our hacking machine, from which we will exploit Log4Shell vulnerabilities. The second virtual machine will be running Ubuntu Desktop and it will be one of the victims machine, which will be running a Log4Shell vulnerable web application. The third virtual machine will be running Windows 11 and it will be one of the victims machine, which will be running a Log4Shell vulnerable Minecraft Server.
--> Then, we will learn how to exploit Log4Shell vulnerabilities and so, perform the following attacks: Log Manipulation, Out-Of-Band (OOB) Interactions , Ourt-Of-Band (OOB) Interactions With Data Exfiltration and Gaining a Shell. Here, all the attacks will be explaned step by step.
--> Then, we will learn about pentesting and security assessments methodologies, focusing on the identifications of Log4Shell vulnerabilities.
--> Finally, we will learn how to mitigate Log4Shell vulnerabilities.
This course is mainly focused on aquiring knowledge through practical exercises, which i do believe that is the best way to learn. Hope you enjoy it!
Rui Carreira
source : https://www.udemy.com/share/106gwq/