Atlassian Confluence - Zero Day Exploit- CVE-2022-26134 Explained with Detection and Mitigation

Science and Technology

In this episode I explain the Atlassian Confluence zero-day exploit, tracked as CVE-2022-26134. I cover it from every angle: timeline, history, demo, mitigation, and detection strategies. The most important part, from a SecOps perspective, is detecting whether a server has been exploited, which is explained in this video.
🔗LINK FOR everything- github.com/archanchoudhury/Co...
Over the Memorial Day weekend in the United States, Volexity conducted an incident response investigation involving two Internet-facing web servers belonging to one of its customers that were running Atlassian Confluence Server software. The investigation began after suspicious activity was detected on the hosts, which included JSP webshells being written to disk. Volexity immediately used Volexity Surge Collect Pro to collect system memory and key files from the Confluence Server systems for analysis. After a thorough review of the collected data, Volexity was able to determine the server compromise stemmed from an attacker launching an exploit to achieve remote code execution. Volexity was subsequently able to recreate that exploit and identify a zero-day vulnerability impacting fully up-to-date versions of Confluence Server.
Following the discovery and verification of this vulnerability, Volexity contacted Atlassian to report the relevant details on May 31, 2022. Atlassian has since confirmed the vulnerability and subsequently assigned the issue to CVE-2022-26134. It has been confirmed to work on current versions of Confluence Server and Data Center.

Comments: 4

  • @BlackPerl
    @BlackPerl 2 years ago

    🔗Link for everything- github.com/archanchoudhury/Confluence-CVE-2022-26134

  • @ian230187
    @ian230187 1 year ago

    great video...appreciate it

  • @BlackPerl
    @BlackPerl 1 year ago

    Thanks

  • @swasthikstar9810
    @swasthikstar9810 2 years ago

    ❤️❤️❤️
