On Thursday (December 9th), a 0-day exploit in the popular Java logging library log4j (version 2) was discovered that results in Remote Code Execution (RCE) by logging a certain string. Given how ...

Little recap of the log4j2 remote code execution (CVE-2021-44228) - GitHub - cbuschka/log4j2-rce-recap: Little recap of the log4j2 remote code execution (CVE-2021-44228)

In this Project, I played both roles Red as a Pentester and Blue as an Analyst. After I was done with both the Red and Blue team testing and analyzing I created a presentation of my findings. - Fis...

A noscript that checks for vulnerable Log4j (CVE-2021-44228) systems using injection of the payload in common HTTP headers. - NorthwaveSecurity/log4jcheck

Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) - fox-it/log4j-finder

Bash and PowerShell noscripts to scan a local filesystem for Log4j .jar files which could be vulnerable to CVE-2021-44228 aka Log4Shell. - GitHub - Occamsec/log4j-checker: Bash and PowerShell noscripts...

log4j version 1 with a patch for CVE-2021-44228 vulnerability - GitHub - p3dr16k/log4j-1.2.15-mod: log4j version 1 with a patch for CVE-2021-44228 vulnerability

The vulnerability, which can allow an attacker to execute arbitrary code by sending crafted log messages, has been identified as CVE-2021-44228 and given the name Log4Shell. - GitHub - ReynerGonzal...

CVE-2021-44228. Contribute to ShaneKingBlog/org.shaneking.demo.cve.y2021.s44228 development by creating an account on GitHub.

Repo containing all info, noscripts, etc. related to CVE-2021-44228 - wortell/log4j

A collection of Red Team focused tools, noscripts, and notes - threatexpress/red-team-noscripts

Internal network honeypot for detecting if an attacker or insider threat scans your network for log4j CVE-2021-44228 - BinaryDefense/log4j-honeypot-flask

Scanner to send specially crafted requests and catch callbacks of systems that are impacted by log4j log4shell vulnerability and to detect vulnerable log4j versions on your local file-system - hupe...

Tools for investigating Log4j CVE-2021-44228. Contribute to MalwareTech/Log4jTools development by creating an account on GitHub.

As the Red Team, you will attack a vulnerable VM within your environment, ultimately gaining root access to the machine. As Blue Team, you will use Kibana to review logs taken during their Day 1 en...

Simple Spring Boot application vulnerable to CVE-2021-44228 (a.k.a log4shell) - GitHub - guerzon/log4shellpoc: Simple Spring Boot application vulnerable to CVE-2021-44228 (a.k.a log4shell)

A firewall reverse proxy for preventing Log4J (Log4Shell aka CVE-2021-44228) attacks. - mufeedvh/log4jail