LetsDefend: Incident Response Log4j RCE Exploit Analysis
4 min read · Dec 31, 2021
LetsDefend Log4j RCE Exploit walkthrough
Incident Response Life-Cycle
- Preparation
- Detection & Analysis
- Containment, Eradication & Recovery
- Lessons Learned
Preparation
We have received alert SOC161 (Log4j RCE Exploit) and a brief note from an analyst about the event (EventID 111).
Detection & Analysis
Let's look at the logs, and then take a quick look at the command history and process list on the Minecraft web server (192.168.10.69).