Help Net Security: 4 practical strategies for Log4j discovery

On December 27, 2021, NetSPI COO Charles Horton was featured as a guest writer for Help Net Security. Read the full article below or online here.


+ + +


For security teams scrambling to secure their organizations against Log4j exploitation, one of the first and most challenging tasks is understanding where Log4j exists within their environment. Without this understanding, any remediation efforts will be hamstrung from the get-go. Of course, this type of asset management can prove exceedingly difficult as Log4j is represented across thousands of products.


Still, even missing one vulnerable instance of Log4j can leave an organization at risk, which is why discovery is one of the most important steps in the remediation process. Below are four easy-to-implement vulnerability discovery strategies that can be used to assess an environment for vulnerable Log4j implementations.

Conduct full port vulnerability scanning


First, organizations should perform full port vulnerability scanning with service fingerprinting enabled. Scanning tools like Nmap can allow security teams to identify commonly abused protocols like HTTP and Remote Method Invocation (RMI). Vulnerability scanning tools can also identify RMI services that are hosted by Java applications. Teams can also conduct server layer vulnerability scanning with tools like Nessus or Nexpose to identify vulnerable Log4j instances by injecting into the top HTTP Header injection points. This process should take minimal effort if executed from a single location.


To go a step further, experts can use the Nessus or Nmap output to configure a tool such as  security practical strategies log4j discovery