Exploitation of Log4j CVE-2021-44228 before public disclosure and evolution of evasion and exfiltration
The blog post discusses evasion patterns and exfiltration attempts related to the CVE-2021-44228 vulnerability, also known as Log4Shell. It highlights that attackers initially used simple strings for exploitation but quickly switched to more complex methods to bypass Web Application Firewalls (WAFs). The post provides examples of evasion techniques and explains how the language used in Log4j allows for obscuring key strings. Additionally, it presents a chart showing the evolution of blocked attacks over time. The article emphasizes the importance of patching systems with up-to-date Log4j or applying mitigations to prevent exploitation.
Company: Cloudflare
Date published: Dec. 14, 2021
Author(s): John Graham-Cumming, Celso Martinho
Word count: 1221
Hacker News points: 4
Language: English