Log4Shell Practice Exploitation Range in the Cloud - Automated Deployment and Testing

Explore a comprehensive conference talk on creating a Log4Shell practice exploitation range in the cloud. Learn about the Log4Shell vulnerability and its impact on cybersecurity during the 2021 holiday season. Discover how to set up exploitation targets in a personal AWS environment quickly and efficiently. Follow the step-by-step process of designing and implementing a cloud-based practice range, including detailed explanations of the Log4Shell vulnerability suitable for various experience levels. Understand the necessary modifications for exploiting common software deployment configurations and learn about automated deployment techniques. Gain insights into using Terraform and Ansible to configure networks and hosts within Amazon Web Services (AWS). Witness a live demonstration of range deployment and exploitation, presented by Karl Sickendick, an experienced cyber capability developer and Air Force Officer with backgrounds in Electrical Engineering and Computer Science.

2022-06-18, 13:00–, Track 1 UC Conference Rm A