Exploitation of Log4j CVE-2021-44228 before public disclosure and evolution of evasion and exfiltration

The blog post discusses evasion patterns and exfiltration attempts related to the CVE-2021-44228 vulnerability, also known as Log4Shell. It highlights that attackers initially used simple strings for exploitation but quickly switched to more complex methods to bypass Web Application Firewalls (WAFs). The post provides examples of evasion techniques and explains how the language used in Log4j allows for obscuring key strings. Additionally, it presents a chart showing the evolution of blocked attacks over time. The article emphasizes the importance of patching systems with up-to-date Log4j or applying mitigations to prevent exploitation.