In December 2021, the Java world was rocked by the discovery that the log4j framework contains a remote code execution vulnerability. How could a simple logging operation allow an attacker to execute code on your server and do virtually anything they like?

This talk will explain the log4Shell vulnerability and the mechanism that turns a log message into code execution. The talk will also cover important security concepts that you can use in the future to secure your applications.