Simple play icon Course
Skills

Talking Tradecraft @ Pluralsight: A Technical Dive into the Log4Shell Exploit

by Aaron Rosenmund, Brandon DeVault and Bri Frost

This course is a technical post-mortem of the Log4Shell vulnerability, discussing the impact that has been seen to date, new developments in the remediation, and what to expect in the future.

What you'll learn

This course is a post-mortem of the Log4Shell vulnerability, discussing the impact that has been seen to date, new developments in the remediation, and what to expect in the future. First you will learn about the different effected versions and CVE's that have been assigned to this category of vulnerabilities associated with the Log4J library. Next, we will cover different attacks that have been seen in the wild and how attackers can leverage this exploit in a full attack chain. Last, we will cover a technical walkthrough of the exploit it self and some technical mitigations you can use in any environment.

Table of contents

Log4j In-depth Overview
5mins
How Is Log4j Being Used?
13mins
Demo: Log4j
32mins
Prevention
5mins

About the authors

Aaron Rosenmund

Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber secur... more

See more courses by Aaron Rosenmund
Brandon DeVault

Brandon DeVault is a Security Researcher focused on threat hunting at CrowdStrike. He is also a member of the Florida Air National Guard with a variety of offensive and defensive experience. Prior to joining CrowdStrike, Brandon worked full-time as an author with Pluralsight and at Elastic, creating and delivering security content. He also worked with Special Operations Command, where he had two deployments to Afghanistan on deployable communications teams. His experience spans incident response... more

See more courses by Brandon DeVault
Bri Frost

Bri is a renowned expert with 7 years of experience in the field of Cybersecurity and IT, bringing a unique perspective to the table. As the Director of Security Curriculum and Research at Pluralsight, Bri is instrumental in developing the cutting-edge cybersecurity curriculum and content strategy. With a wealth of knowledge as an author of Pluralsight training content, she infuses a "red-team" or attacker-focused mindset into her teachings to grasp security concepts and defense strategies effec... more

See more courses by Bri Frost
Ready to upskill? Get started