This Log4Shell explainer video relies on four specially coded “miniservers” to simulate, track and document the infamous Log4j vulnerability of December 2021.
All four miniservers are written using Lua, either entirely in Lua (DNS and LDAP) or indirectly as Lua scripts launched via Ncat, the super-useful netcat replacement that’s part of Nmap.
(The Luaesque nature of three of the servers is obvious from their command lines or their output. The DNS server doesn’t advertise its Luonicity because it’s already running when the video opens and its startup banner has scrolled off the top of the terminal window. DNS = green, LDAP = blue, HTTP = red. Having eminently hackable miniservers for individual protocols and specific malware call-home behaviours is surprisingly useful when you want to do live demos of how exploits and malware attacks unfold, and how to detect and prevent them. I’ve accumulated a lot of utility code to collect, log and dump malware activity over the years.)