Simulation, Investigation and Response Towards Log4J Vulnerability (Log4Shell)
Log4Shell can destroy a business. The vulnerability affects Java applications that log their data using a vulnerable version of Log4J. This library is deployed in many Java applications. The impact of the vulnerability is arbitrary code execution, which gives an attacker full control over a server or a device. The severity of the issue is critical, since attackers might use a variety of post-exploitation techniques to take full advantage of the vulnerability. A simulation will be made to demonstrate the attack, using two virtual machines: one belonging to the victim and the other to the attacker. After the demonstration attack, we will look for the forensic evidence and artifacts that have been left. Finally, we will discuss the incident response phases that should be taken against such attacks: the Preparation Phase; the Detection and Analysis Phase; the Containment, Eradication and Recovery Phase; and the Post-Incident Activity Phase.
Copyright (c) 2022 Journal of Applied Technology and Innovation

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.



