Expanded Library

Talking Tradecraft @ Pluralsight: A Technical Dive into the Log4Shell Exploit

by Aaron Rosenmund, Bri Frost and Brandon DeVault

This course is a technical post-mortem of the Log4Shell vulnerability, discussing the impact that has been seen to date, new developments in the remediation, and what to expect in the future.

What you'll learn

This course is a post-mortem of the Log4Shell vulnerability, discussing the impact that has been seen to date, new developments in the remediation, and what to expect in the future. First you will learn about the different effected versions and CVE's that have been assigned to this category of vulnerabilities associated with the Log4J library. Next, we will cover different attacks that have been seen in the wild and how attackers can leverage this exploit in a full attack chain. Last, we will cover a technical walkthrough of the exploit it self and some technical mitigations you can use in any environment.

Table of contents

Log4j In-depth Overview
5mins
How Is Log4j Being Used?
14mins
Demo: Log4j
33mins
Prevention
6mins

About the authors

Aaron Rosenmund

Aaron M. Rosenmund is a cyber security operations subject matter expert, with a background in federal and business defensive and offensive cyber operations and system automation. Leveraging his administration and automation experience, Aaron actively contributes to multiple open and closed source security operation platform projects and continues to create tools and content to benefit the community. As an educator & cyber security researcher at Pluralsight, he is focused on advancing cyber secur... more

See more courses by Aaron Rosenmund
Bri Frost

Bri Frost has worked in IT and cybersecurity for 7 years with a focus on network pentesting and red team operations. She currently works as the Senior Curriculum Manager at Pluralsight creating the cybersecurity curriculum training content and an author of Pluralsight training content, as well. She holds a bachelor’s degree in InfoSystems and Technologies and holds Security+ and Pentest+ certifications.

See more courses by Bri Frost
Brandon DeVault

Brandon DeVault is an Sr. Security Author focusing on general blue team operations, incident response, and threat hunting at Pluralsight. He is also a member of the Florida Air National Guard and works as a threat hunter on a Mission Defense Team (MDT) defending North America’s air tracks. Prior to joining Pluralsight, Brandon worked with Elastic as an Education Architect creating and delivering security content. He also worked with Special Operations Command where he had two deployments to Af... more

See more courses by Brandon DeVault
Ready to upskill? Get started