For the project, 15 minute presentation, a Powerpoint presentation (< 15 slides), and an annotated bibliography of the sources upon which you rely.
Research a known exploit of a vulnerability from within the past 3 years.
A high-level description of the vulnerability
A more detailed discussion of the vulnerability. You should start by looking up the CVE in the National Vulnerability Database and use that as a way to find additional references.
Analyze what STRIDE aspects apply to the vulnerability
Analyze what aspects of the CIA triad were impacted
How the vulnerability was discovered and disclosed
How it was exploited and the impact
How it was resolved
Research Process:
Your research should be done in a few separate phases:
1. Start with a general search to find an interesting case for analysis. You can Google for news stories, look at Google Project Zero, security focused blogs, newsletters, or YouTube channels, and similar sources to find a high-level discussion.
2. Find the CVE in the National Vulnerability Database. This will be a key step in getting sufficient technical details about the vulnerability and will lead you to additional resources.
3. Look for third party analysis, discussion of exploits, responses from the product owner, patches, and other related information pertaining to the vulnerability. Again, the CVE will be a good resource for this part.
As you find relevant sources that you will use, add it to the bibliography with a brief annotation. The annotation should provide a high-level summary of the source and why the purpose for which you are using the source. It could be helpful to highlight key quotes and/or excerpts as well.
Log4Shell: A Critical Vulnerability with Far-Reaching Impact
Introduction
In the ever-evolving landscape of cybersecurity, vulnerabilities emerge as potential weaknesses that can be exploited by malicious actors to gain unauthorized access to systems and data. Among the vulnerabilities that have captured significant attention in recent years is Log4Shell, a critical flaw in the Apache Log4j logging framework, a widely used tool for logging events in software applications. Discovered in December 2021, Log4Shell quickly gained notoriety due to its ease of exploitation and potential for widespread impact.
High-Level Description
Log4Shell, also known as CVE-2021-44228, is a remote code execution (RCE) vulnerability that allows an unauthenticated attacker to execute arbitrary code on a vulnerable server. This means that an attacker can gain complete control of the affected system, potentially leading to data breaches, ransomware attacks, and other severe consequences.
Detailed Discussion
Log4Shell stems from a flaw in the way Log4j processes user-supplied data. When a vulnerable application logs user-supplied data containing a special pattern, Log4j interprets it as a command and executes it. This allows an attacker to craft a malicious payload that, when logged, triggers the execution of arbitrary code on the server.
STRIDE Analysis
STRIDE is a mnemonic device used in threat modeling to identify potential security vulnerabilities. Applying STRIDE to Log4Shell reveals the following vulnerabilities:
CIA Triad Analysis
The CIA triad is a security model that emphasizes the importance of protecting the confidentiality, integrity, and availability of information systems. Log4Shell poses a significant threat to all three aspects of the CIA triad:
Discovery and Disclosure
Log4Shell was discovered by security researcher Yunyang Liu of Alibaba Cloud Security Team. Liu responsibly disclosed the vulnerability to the Apache Log4j project on December 9, 2021. The vulnerability was assigned the CVE identifier CVE-2021-44228.
Exploitation and Impact
Log4Shell was quickly exploited by malicious actors after its disclosure. The vulnerability was used in a wide range of attacks, including ransomware attacks, data breaches, and supply chain attacks. The impact of Log4Shell was widespread, affecting millions of systems worldwide.
Resolution
Apache Log4j released patches to address Log4Shell shortly after its disclosure. System administrators were urged to apply the patches immediately to mitigate the risk of attack. Additionally, organizations were advised to review their security logs for signs of Log4Shell exploitation.
Conclusion
Log4Shell stands as a stark reminder of the ever-present threat of cyberattacks. Its widespread impact and ease of exploitation underscore the importance of proactive vulnerability management and timely patching. As organizations continue to rely on open-source software, the need for rigorous security practices and responsible disclosure remains paramount.