From 381ebf0da97dd44bc10f813cff9ce06de05f38dd Mon Sep 17 00:00:00 2001 From: James Blair Date: Wed, 23 Oct 2024 11:22:12 +1300 Subject: [PATCH] Add some pressure to exercise 4. --- data/workshop/exercise4.mdx | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/data/workshop/exercise4.mdx b/data/workshop/exercise4.mdx index 89b55c0..4d93306 100644 --- a/data/workshop/exercise4.mdx +++ b/data/workshop/exercise4.mdx @@ -21,7 +21,7 @@ You're looking over the RHACS Dashboard together in the RHACS console. You and Angie both spot it at the same time... -The core banking payments processor namespace `prd-acme-payments` is vulnerable to the critical log4j vulnerability 😱 +The core banking payments processor namespace `prd-acme-payments` is vulnerable to the critical log4shell vulnerability 😱 ![panic](/static/images/security/panik.png) @@ -47,6 +47,8 @@ If you've successfully secured the banks vulnerable payments processor please po > Please review [team name] solution for exercise 4, our payments processor application is now unhackable. +WARNING: The hackathon team will perform a brief penetration test of the application. If your application is not actually secured and remains exploitable by the log4shell vulnerability one of your OpenShift cluster nodes will be deleted for the lulz. No pressure! + This exercise is worth `25` points. The event team will reply in slack to confirm your updated team total score 🎉 ![safe](/static/images/security/hack-prevented.png)