Log4j? Log4Shell? I feel like I've heard those terms before... Perhaps you were so bogged down with remediation and incident response that you never got the time to research and understand the full scope of what happened. In this hands-on talk, we'll walk through how the Log4Shell vulnerability (CVE-2021-44228 in Apache Log4j 2) is exploited and what part it plays in the attack chain. You'll have the opportunity to emulate the attack yourself or follow along as I demonstrate the attack and various open-source detection methods. This talk takes a purple team approach, covering both the defender's and the attacker's infrastructure, attack execution, and how to analyze the resulting traffic for identification and detection. We'll finish up by discussing the aftermath of attacks seen in the wild and current APT approaches to this vulnerability, and by addressing the security concerns that remain. I'll leave you with configured Docker containers, detection mechanisms, and full instructions on how to emulate and detect this attack within your own environment.