Log4j vulnerability, supply chain attacks and SBOMs

Science & Technology

The logging library Log4j was recently found to have an injection vulnerability that allows remote code execution (RCE), among other attack vectors. The vulnerability is interesting because so many software packages pull in Log4j as a dependency, which means every piece of software built on top of it was vulnerable as well.
We briefly discuss the Log4j vulnerability itself, then move on to the bigger issue that makes this class of attack possible: the software supply chain.
Organizations were scrambling to understand their software supply chain *during an incident*. Instead, an organization can create a Software Bill of Materials (SBOM) for its systems ahead of time, for free, using open source tools. An SBOM is essentially an inventory of all systems, all software, and all software dependencies in the organization.
SBOMs greatly assist in detecting vulnerable systems and mitigating risk to infrastructure, and can even help with incident response and digital forensic investigations.
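To show how an SBOM turns "which of our systems run a vulnerable version?" into a query instead of an emergency, here is an added example (not code from the video or from the syft project) that walks a set of SPDX JSON documents, such as the ones syft can emit with `-o spdx-json`, and reports every host whose inventory contains a named component older than a given patched version. The three SBOMs are constructed inline and cut down to the `packages` entries the check needs; the host names, the versions in them, and the `FIXED_IN` threshold are all placeholders, so substitute the patched version from the vendor advisory before relying on the output.

```python
"""Scan SPDX-JSON SBOMs for an outdated dependency version.

Added example with constructed sample data. The SBOMs below are minimal
SPDX-2.2-shaped documents; real syft output carries many more fields,
but only "name" and "versionInfo" in the "packages" list are used here.
"""
import json
import re
from typing import Dict, List, Tuple

# Constructed sample inventory: one SBOM per host (placeholder hosts/versions).
SAMPLE_SBOMS: Dict[str, str] = {
    "web-01": json.dumps({
        "spdxVersion": "SPDX-2.2",
        "name": "web-01",
        "packages": [
            {"name": "log4j-core", "versionInfo": "2.14.1"},
            {"name": "log4j-api", "versionInfo": "2.14.1"},
            {"name": "spring-boot", "versionInfo": "2.5.6"},
        ],
    }),
    "batch-02": json.dumps({
        "spdxVersion": "SPDX-2.2",
        "name": "batch-02",
        "packages": [
            {"name": "log4j-core", "versionInfo": "2.17.1"},
        ],
    }),
    "db-03": json.dumps({
        "spdxVersion": "SPDX-2.2",
        "name": "db-03",
        "packages": [
            {"name": "postgresql", "versionInfo": "13.4"},
        ],
    }),
}


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '2.14.1' into a tuple that compares numerically, not as text.

    A pre-release suffix such as '2.0-beta9' gets a trailing -1 so it sorts
    below the final '2.0' release; plain releases get a trailing 0.
    """
    base, _, _pre = v.partition("-")
    nums = tuple(int(x) for x in re.findall(r"\d+", base))
    return nums + ((-1,) if _pre else (0,))


def find_vulnerable(sbom_json: str, component: str, fixed_in: str) -> List[Tuple[str, str]]:
    """Return (name, version) for each package named `component` in one SBOM
    whose version is older than `fixed_in`."""
    doc = json.loads(sbom_json)
    hits: List[Tuple[str, str]] = []
    for pkg in doc.get("packages", []):
        if pkg.get("name") != component:
            continue
        ver = pkg.get("versionInfo", "")
        if not ver or parse_version(ver) < parse_version(fixed_in):
            # Missing version info is reported too: unknown is not "safe".
            hits.append((component, ver or "<unknown>"))
    return hits


def scan_fleet(sboms: Dict[str, str], component: str, fixed_in: str) -> Dict[str, List[Tuple[str, str]]]:
    """Map each host with at least one outdated copy of `component` to its hits."""
    results: Dict[str, List[Tuple[str, str]]] = {}
    for host, sbom in sboms.items():
        hits = find_vulnerable(sbom, component, fixed_in)
        if hits:
            results[host] = hits
    return results


if __name__ == "__main__":
    # Placeholder threshold: take the real patched version from the vendor advisory.
    FIXED_IN = "2.17.1"
    for host, hits in scan_fleet(SAMPLE_SBOMS, "log4j-core", FIXED_IN).items():
        for name, ver in hits:
            print(f"{host}: {name} {ver} is older than {FIXED_IN}")
```

Because the SBOMs are collected before anything happens, the same function answers the incident-response question later: with the full set of documents on hand, checking a newly disclosed component is one call to `scan_fleet` rather than a fleet-wide hunt for jar files.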
Thank you to all of our Patrons for sponsoring DFIR Science.
Especially The Ranting Geek. Thank you so much!
You need an SBOM.
00:00 Log4j vulnerability
00:27 Example Log4j malicious string
00:47 Why is the Log4j vulnerability interesting?
01:28 How modern software is built
02:07 Why are software supply chain vulnerabilities difficult?
03:33 Software Bill of Materials (SBOM)
04:03 Implications for incident response
04:32 How to help your clients
Microsoft uses the Software Package Data Exchange (SPDX) format when talking about SBOMs.
bit.ly/2Ij9Ojc - 👍 Subscribe for weekly videos
❤️ Get early access and bonus content - / dfirscience
Links:
* Exorcising the Ghost in the Machine - www.gigamon.com/content/dam/r...
* devblogs.microsoft.com/engine...
* github.com/anchore/syft
== Recommended Book ==
* Practical Vulnerability Management: A Strategic Approach to Managing Cyber Risk (amzn.to/3zNHSQi)
#log4j #SBOM #SPDX
010001000100011001010011011000110110100101100101011011100110001101100101
Help make DFIR tutorials
👍 Subscribe → bit.ly/2Ij9Ojc
🛒 Shop → swag.dfir.science
❤️ Patreon → / dfirscience
🕸️ Blog → DFIR.Science
🤖 Code → github.com/DFIRScience
🐦 Follow → / dfirscience
📰 DFIR Newsletter → bit.ly/DFIRNews
010100110111010101100010011100110110001101110010011010010110001001100101
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. Please link back to the original video. If you want to use this video for commercial purposes, please contact us first. We would love to see what you are doing and will probably allow its use.

Comments: 6

  • @awaizkhan8088 · 2 years ago

    Great video sir

  • @DFIRScience · 2 years ago

    Thank you so much!

  • @Praecantetia · 2 years ago

    Log4J is so far spread it's exhausting as a support team member to make sure that we can patch all our clients.

  • @DFIRScience · 2 years ago

    Agreed. I'm working on a video showing software that can scan all systems in the fleet for all/most dependencies so at least the support team would know where vulnerable versions are. Automated supply chain inventory. Not just for Log4j. Using syft - github.com/anchore/syft

  • @Praecantetia · 2 years ago

    My dude, what are you using to draw? It's so laggy! Try turning down the line stabilizer.

  • @DFIRScience · 2 years ago

    Thanks! Will do.
