Exfiltration Attack Scenario - Log4Shell
1. Attacker inserts the JNDI lookup into the header of a vulnerable server
2. The string is passed to Log4j for logging
3. Log4j processes the string and queries the malicious LDAP server
4. LDAP server responds with directory information containing the
malicious Java class - Java deserializes or downloads the class and
executes it
Significance of Log4Shell
Widespread adoption of Log4j = vast impact of Log4Shell. Affected a broad
array of systems and applications (enterprise software to web applications
and some hardware devices)
Ease of exploitation - simply submit a specially crafted string to an
application that logs the input
Remote Code Execution - execute arbitrary code remotely = severe type
of vulnerability. Allows attackers to gain control over affected systems,
potentially leading to data theft, system compromise, and further network
infiltration
Chain Reaction - Once an attacker gains initial access, they can perform
additional actions that also get logged, further exploiting the vulnerability
and deepening their foothold in the system
How to prevent Log4Shell?
Patching - update to a version not vulnerable to Log4Shell (ver 2.15.0 or later).
Prioritize patching systems that are directly accessible from the internet
Environment variables - (ver 2.10+) set
'LOG4J_FORMAT_MSG_NO_LOOKUPS' environment variable to 'true' -
disables the message lookup mechanism that Log4Shell exploits.
Web Application Firewall (WAF) Rules - block requests containing the
malicious Log4Shell patterns
Network Segmentation and Monitoring - limits the spread of an attack if a
system is compromised. Monitoring for unusual patterns allows for detection
of potential exploitation attempts
NIST Cybersecurity Framework Functions
Identify
Protect
Detect
Respond
Recover
NIST CSF - Identify
Develop an organizational understanding to manage cybersecurity risk to
systems, assets, data, and capabilities.
Asset management, business environment, governance, risk assessment, risk
management strategy, supply chain risk management