CTM360 Hardening Guidelines

USE CASE: POST-EXPLOITATION IMPACT OF LOG4JSHELL VULNERABILITY

The Log4j vulnerability (CVE-2021-44228) allows unauthenticated remote code execution. It is triggered when a specially crafted string, supplied by the attacker through any of a variety of input vectors, is parsed and processed by the vulnerable Log4j component.

Microsoft stated that a vast majority of post-exploitation activities have been observed and that, based on the nature of the vulnerability, once an attacker has full access to and control of an application, they can pursue a myriad of objectives, including installing coin miners, deploying Cobalt Strike to enable credential theft and lateral movement, and exfiltrating data from compromised systems.

For more details, download the attachment.
