Atlassian Confluence - Zero Day Exploit- CVE-2022-26134 Explained with Detection and Mitigation

In this episode I have explained Atlassian Confluence - Zero Day Exploit which has been numbered as CVE-2022-26134. I have tried to explain it from timeline, history, demo perspective, mitigation, detection strategies everything. Most important part is to detect if a server has been exploited or not from a SecOps perspective, which has been explained in this video.

🔗LINK FOR everything- https://github.com/archanchoudhury/Co...

Over the Memorial Day weekend in the United States, Volexity conducted an incident response investigation involving two Internet-facing web servers belonging to one of its customers that were running Atlassian Confluence Server software. The investigation began after suspicious activity was detected on the hosts, which included JSP webshells being written to disk. Volexity immediately used Volexity Surge Collect Pro to collect system memory and key files from the Confluence Server systems for analysis. After a thorough review of the collected data, Volexity was able to determine the server compromise stemmed from an attacker launching an exploit to achieve remote code execution. Volexity was subsequently able to recreate that exploit and identify a zero-day vulnerability impacting fully up-to-date versions of Confluence Server.

Following the discovery and verification of this vulnerability, Volexity contacted Atlassian to report the relevant details on May 31, 2022. Atlassian has since confirmed the vulnerability and subsequently assigned the issue to CVE-2022-26134. It has been confirmed to work on current versions of Confluence Server and Data Center.

WATCH BELOW Playlists as well, if you want to make your career in DFIR and Security Operations!!
-------------------------------------------------------------------------------------------------------------------------
INCIDENT RESPONSE TRAINING Full Course 👉   • BlackPerl DFIR  || INCIDENT RESPONSE TRAIN...  
DFIR Free Tools and Techniques 👉    • BlackPerl DFIR || DFIR Tools and Techniques  
Windows and Memory Forensics 👉    • BlackPerl DFIR || Windows and Memory Foren...  
Malware Analysis 👉    • BlackPerl DFIR || Malware Analysis Series  
SIEM Tutorial 👉    • BlackPerl DFIR || Learn SIEM with me & Cre...  
Threat Hunt & Threat Intelligence 👉    • BlackPerl DFIR || Threat Hunt & Threat Int...  
Threat Hunt with Jupyter Notebook👉    • Threat Hunt with Jupyter Notebook  

📞📲
FOLLOW ME EVERYWHERE-
-------------------------------------------------------------------------------------------------------------------------
✔ LinkedIn:   / blackperl  
✔ You can reach out to me personally in LinkedIn as well- https://bit.ly/38ze4L5
✔ Twitter: @blackperl_dfir
✔ Git: https://github.com/archanchoudhury
✔ Insta: (blackperl_dfir)  / blackperl_dfir  
✔ Can be reached via [email protected]