#CVE-2021
#Log4J
Log4J (CVE-2021-44228) Exploit with Remote Command Execution (RCE)
https://github.com/corneacristian/Log4J-CVE-2021-44228-RCE
@BlueRedTeam
#CVE-2021
#Nmap
#log4Shell
Nmap NSE scripts to check against log4shell or LogJam vulnerabilities (CVE-2021-44228)
https://github.com/Diverto/nse-log4shell
@BlueRedTeam
#CVE-2021
#log4Shell
pure pythonic python RCE for CVE-2021-44228 log4shell
https://github.com/dotPY-hax/log4py
@BlueRedTeam
#CVE-2021
#log4j2
Test locally an exploit for Log4J2's CVE-2021-44228 (Log4Shell)
https://github.com/sunnyvale-it/CVE-2021-44228-PoC
@BlueRedTeam
#CVE-2021
#Red_Team
#Blue_Team
Some files for red team/blue team investigations into CVE-2021-44228
https://github.com/kimobu/cve-2021-44228
@BlueRedTeam
#CVE-2021
Fun things against the abuse of the recent CVE-2021-44228 (Log4Shell) vulnerability using common web servers.
https://github.com/KainsRache/anti-jndi
@BlueRedTeam
#CVE-2021
#Log4j
fail2ban filter that catches attacks against log4j CVE-2021-44228
https://github.com/atnetws/fail2ban-log4j
@BlueRedTeam
#CVE-2021
#Log4j
This is a proof-of-concept exploit for Log4j RCE Unauthenticated (CVE-2021-44228).
https://github.com/pedrohavay/exploit-CVE-2021-44228
@BlueRedTeam
#CVE-2021
Ingest GreyNoise.io malicious feed for CVE-2021-44228 and apply null routes
https://github.com/0xRyan/log4j-nullroute
@BlueRedTeam
LaserShark.pdf
1.5 MB
#Red_Team
"LaserShark: Establishing Fast, Bidirectional Communication into Air-Gapped Systems", 2021.
// A novel approach to infiltrate data to air-gapped systems without any additional hardware on-site. By aiming lasers at already built-in LEDs and recording their response, we are the first to enable a long-distance (25 m), covert communication channel. The approach can be used against any office device that operates LEDs at the CPU’s GPIO interface...
@BlueRedTeam
#CVE-2021
a fast check, if your server could be vulnerable to CVE-2021-44228
https://github.com/rubo77/log4j_checker_beta
@BlueRedTeam
#CVE-2021
#Log4Shell
#Log4j
Java agent that disables Apache Log4J's JNDI Lookup. Fixes CVE-2021-44228, aka "Log4Shell."
https://github.com/alerithe/log4noshell
@BlueRedTeam
#CVE-2021
#Log4j
Scanner for Log4j RCE CVE-2021-44228
https://github.com/thecyberneh/Log4j-RCE-Exploiter
@BlueRedTeam
#CVE-2021
#Log4j
Log4J CVE-2021-44228 : Mitigation for different environments
https://github.com/thedevappsecguy/Log4J-Mitigation-CVE-2021-44228
@BlueRedTeam
#CVE-2021
#Log4j
CVE-2021-44228 log4j mitigation using aws wafv2 with ansible
https://github.com/markuman/aws-log4j-mitigations
@BlueRedTeam
#Log4j
#CVE-2021
Log4J CVE-2021-44228 : Mitigation Cheat Sheet
https://github.com!/thedevappsecguy/Log4J-CVE-2021-44228-Mitigation-Cheat-Sheet
@BlueRedTeam
#CVE-2021
#log4j
A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
https://github.com/fullhunt/log4j-scan
@BlueRedTeam
#Blue_Team
1. Exploit samAccountName spoofing with Kerberos
https://cloudbrothers.info/en/exploit-kerberos-samaccountname-spoofing
2. Log4Shell: Reconnaissance and post exploitation network detection - includes numerous Suricata_IDS rules and IoCs
https://research.nccgroup.com/2021/12/12/log4shell-reconnaissance-and-post-exploitation-network-detection
@BlueRedTeam
When Microsoft released the November 2021 patches, the following CVEs caught the eye of many security professionals because they allow impersonation of a domain controller in an Active Directory environment.
CVE-2021-42278 - KB5008102 Active Directory Security…
#CVE-2021
#Log4j
A lab for playing around with the Log4J CVE-2021-44228
https://github.com/tuyenee/Log4shell
@BlueRedTeam