#CVE-2021
#Log4Shell
Local Bytecode Scanner for Log4JShell Vulnerability (CVE-2021-44228)
https://github.com/CodeShield-Security/Log4JShell-Bytecode-Detector
@BlueRedTeam
#Log4Shell
Local Bytecode Scanner for Log4JShell Vulnerability (CVE-2021-44228)
https://github.com/CodeShield-Security/Log4JShell-Bytecode-Detector
@BlueRedTeam
GitHub
GitHub - CodeShield-Security/Log4JShell-Bytecode-Detector: Local Bytecode Scanner for the Log4JShell Vulnerability (CVE-2021-44228)
Local Bytecode Scanner for the Log4JShell Vulnerability (CVE-2021-44228) - GitHub - CodeShield-Security/Log4JShell-Bytecode-Detector: Local Bytecode Scanner for the Log4JShell Vulnerability (CVE-20...
#CVE-2021
#Log4Shell
Simple webapp that is vulnerable to Log4Shell (CVE-2021-44228)
https://github.com/korteke/log4shell-demo
@BlueRedTeam
#Log4Shell
Simple webapp that is vulnerable to Log4Shell (CVE-2021-44228)
https://github.com/korteke/log4shell-demo
@BlueRedTeam
GitHub
GitHub - korteke/log4shell-demo: Simple webapp that is vulnerable to Log4Shell (CVE-2021-44228)
Simple webapp that is vulnerable to Log4Shell (CVE-2021-44228) - GitHub - korteke/log4shell-demo: Simple webapp that is vulnerable to Log4Shell (CVE-2021-44228)
#CVE-2021
#Log4j
Burp extension to identify Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046
https://github.com/DXC-StrikeForce/Burp-Log4Shell-Active-Scanner
@BlueRedTeam
#Log4j
Burp extension to identify Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046
https://github.com/DXC-StrikeForce/Burp-Log4Shell-Active-Scanner
@BlueRedTeam
#CVE-2021
#Log4j
Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 an CVE-2021-45046
https://github.com/freskimo/Burp-Log4j-HammerTime
@BlueRedTeam
#Log4j
Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 an CVE-2021-45046
https://github.com/freskimo/Burp-Log4j-HammerTime
@BlueRedTeam
#CVE-2021
#log4j
Simple bash noscript to scan multiples url for log4j vulnerability (CVE-2021-44228)
https://github.com/Gyrfalc0n/scanlist-log4j
@BlueRedTeam
#log4j
Simple bash noscript to scan multiples url for log4j vulnerability (CVE-2021-44228)
https://github.com/Gyrfalc0n/scanlist-log4j
@BlueRedTeam
GitHub
GitHub - Gyrfalc0n/scanlist-log4j: Simple bash noscript to scan multiples url for log4j vulnerability (CVE-2021-44228)
Simple bash noscript to scan multiples url for log4j vulnerability (CVE-2021-44228) - GitHub - Gyrfalc0n/scanlist-log4j: Simple bash noscript to scan multiples url for log4j vulnerability (CVE-2021-44228)
#CVE-2021
#Log4j
A simple project to check coverage of Log4J vuln CVE-2021-44228 (and related)
https://github.com/MeterianHQ/log4j-vuln-coverage-check
@BlueRedTeam
#Log4j
A simple project to check coverage of Log4J vuln CVE-2021-44228 (and related)
https://github.com/MeterianHQ/log4j-vuln-coverage-check
@BlueRedTeam
GitHub
GitHub - MeterianHQ/log4j-vuln-coverage-check: A simple project to check coverage of Log4J vuln CVE-2021-44228 (and related)
A simple project to check coverage of Log4J vuln CVE-2021-44228 (and related) - GitHub - MeterianHQ/log4j-vuln-coverage-check: A simple project to check coverage of Log4J vuln CVE-2021-44228 (and r...
#CVE-2021
#Log4Shell
A honeypot for the Log4Shell vulnerability (CVE-2021-44228).
https://github.com/thomaspatzke/Log4Pot
@BlueRedTeam
#Log4Shell
A honeypot for the Log4Shell vulnerability (CVE-2021-44228).
https://github.com/thomaspatzke/Log4Pot
@BlueRedTeam
GitHub
GitHub - thomaspatzke/Log4Pot: A honeypot for the Log4Shell vulnerability (CVE-2021-44228).
A honeypot for the Log4Shell vulnerability (CVE-2021-44228). - thomaspatzke/Log4Pot
#CVE-2021
#log4j2
Basic Vulnerable Spring Boot Application to Test CVE-2021-44228
https://github.com/recanavar/vuln_spring_log4j2
@BlueRedTeam
#log4j2
Basic Vulnerable Spring Boot Application to Test CVE-2021-44228
https://github.com/recanavar/vuln_spring_log4j2
@BlueRedTeam
GitHub
GitHub - recanavar/vuln_spring_log4j2: Simple Vulnerable Spring Boot Application to Test the CVE-2021-44228
Simple Vulnerable Spring Boot Application to Test the CVE-2021-44228 - GitHub - recanavar/vuln_spring_log4j2: Simple Vulnerable Spring Boot Application to Test the CVE-2021-44228
#CVE-2021
#log4j2
Scanner local em Python para localizar e identificar versões vulneráveis do Log4j2 em arquivos no disco com análise interna de arquivos JAR (CVE-2021-44228 e CVE-2021-45046)
https://github.com/andalik/log4j-scanner
@BlueRedTeam
#log4j2
Scanner local em Python para localizar e identificar versões vulneráveis do Log4j2 em arquivos no disco com análise interna de arquivos JAR (CVE-2021-44228 e CVE-2021-45046)
https://github.com/andalik/log4j-scanner
@BlueRedTeam
GitHub
GitHub - andalik/log4j-filescan: Scanner recursivo de arquivos desenvolvido em Python 3 para localização e varredura de versões…
Scanner recursivo de arquivos desenvolvido em Python 3 para localização e varredura de versões vulneráveis do Log4j2, contemplando análise interna de arquivos JAR (CVE-2021-44228, CVE-2021-45046, C...
#CVE-2021
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
https://github.com/WazeHell/sam-the-admin
@BlueRedTeam
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
https://github.com/WazeHell/sam-the-admin
@BlueRedTeam
GitHub
GitHub - safebuffer/sam-the-admin: Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user - GitHub - safebuffer/sam-the-admin: Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from st...
#CVE-2021
#log4Shell
Log4Shell CVE-2021-44228 Vulnerability Scanner and POC
https://github.com/gyaansastra/CVE-2021-44228
@BlueRedTeam
#log4Shell
Log4Shell CVE-2021-44228 Vulnerability Scanner and POC
https://github.com/gyaansastra/CVE-2021-44228
@BlueRedTeam
GitHub
GitHub - gyaansastra/CVE-2021-44228: Log4Shell CVE-2021-44228 Vulnerability Scanner and POC
Log4Shell CVE-2021-44228 Vulnerability Scanner and POC - GitHub - gyaansastra/CVE-2021-44228: Log4Shell CVE-2021-44228 Vulnerability Scanner and POC
#CVE-2021
#log4j2
Scanner local em Python para varredura e localização de versões vulneráveis do Log4j2 em arquivos no disco, contemplando análise interna de arquivos JAR (CVE-2021-44228 e CVE-2021-45046)
https://github.com/andalik/log4j-filescan
@BlueRedTeam
#log4j2
Scanner local em Python para varredura e localização de versões vulneráveis do Log4j2 em arquivos no disco, contemplando análise interna de arquivos JAR (CVE-2021-44228 e CVE-2021-45046)
https://github.com/andalik/log4j-filescan
@BlueRedTeam
GitHub
GitHub - andalik/log4j-filescan: Scanner recursivo de arquivos desenvolvido em Python 3 para localização e varredura de versões…
Scanner recursivo de arquivos desenvolvido em Python 3 para localização e varredura de versões vulneráveis do Log4j2, contemplando análise interna de arquivos JAR (CVE-2021-44228, CVE-2021-45046, C...
#CVE-2021
#Log4j
Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046
https://github.com/DXC-StrikeForce/Burp-Log4j-HammerTime
@BlueRedTeam
#Log4j
Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046
https://github.com/DXC-StrikeForce/Burp-Log4j-HammerTime
@BlueRedTeam
GitHub
GitHub - DXC-StrikeForce/Burp-Log4j-HammerTime: Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 and…
Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046 - GitHub - DXC-StrikeForce/Burp-Log4j-HammerTime: Burp Active Scan extension to identify Log4j vulnera...
Forwarded from CyberSecurityResearch
Apache’s Fix for Log4Shell Can Lead to DoS Attacks
Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes.
https://threatpost.com/apache-patch-log4shell-log4j-dos-attacks/177064/
#Log4Shell
@PentesterReference
Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes.
https://threatpost.com/apache-patch-log4shell-log4j-dos-attacks/177064/
#Log4Shell
@PentesterReference
Threat Post
Apache’s Fix for Log4Shell Can Lead to DoS Attacks
Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes.
#CVE-2021
#Log4j
Scans for Log4j versions effected by CVE-2021-44228
https://github.com/mergebase/log4j-detector
@BlueRedTeam
#Log4j
Scans for Log4j versions effected by CVE-2021-44228
https://github.com/mergebase/log4j-detector
@BlueRedTeam
GitHub
GitHub - mergebase/log4j-detector: A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021…
A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J ins...
#CVE-2021
#Log4j
Applications that are vulnerable to the log4j CVE-2021-44228/45046 issue may be detectable by scanning jar, war, ear, zip files to search for the presence of JndiLookup.class.
https://github.com/hozyx/log4shell
@BlueRedTeam
#Log4j
Applications that are vulnerable to the log4j CVE-2021-44228/45046 issue may be detectable by scanning jar, war, ear, zip files to search for the presence of JndiLookup.class.
https://github.com/hozyx/log4shell
@BlueRedTeam
GitHub
GitHub - hozyx/log4shell: Applications that are vulnerable to the log4j CVE-2021-44228/45046 issue may be detectable by scanning…
Applications that are vulnerable to the log4j CVE-2021-44228/45046 issue may be detectable by scanning jar, war, ear, zip files to search for the presence of JndiLookup.class. - GitHub - hozyx/log4...
#CVE-2021
#Log4j
Samples of log4j library versions to help log4j scanners / detectors improve their accuracy for detecting CVE-2021-45046 and CVE-2021-44228.
https://github.com/mergebase/log4j-samples
@BlueRedTeam
#Log4j
Samples of log4j library versions to help log4j scanners / detectors improve their accuracy for detecting CVE-2021-45046 and CVE-2021-44228.
https://github.com/mergebase/log4j-samples
@BlueRedTeam
GitHub
GitHub - mergebase/log4j-samples: Samples of log4j library versions to help log4j scanners / detectors improve their accuracy for…
Samples of log4j library versions to help log4j scanners / detectors improve their accuracy for detecting CVE-2021-45046 and CVE-2021-44228. - GitHub - mergebase/log4j-samples: Samples of log4j lib...
#CVE-2021
#Log4Shell
Log4Shell Proof of Concept (CVE-2021-44228)
https://github.com/Kr0ff/CVE-2021-44228
@BlueRedTeam
#Log4Shell
Log4Shell Proof of Concept (CVE-2021-44228)
https://github.com/Kr0ff/CVE-2021-44228
@BlueRedTeam
GitHub
GitHub - Kr0ff/CVE-2021-44228: Log4Shell Proof of Concept (CVE-2021-44228)
Log4Shell Proof of Concept (CVE-2021-44228). Contribute to Kr0ff/CVE-2021-44228 development by creating an account on GitHub.
#CVE-2021
#Log4j
#Log4Shell
Log4j - Multitool. Find & fix possible CVE-2021-44228 vulneraries - provides a complete LOG4SHELL test/attack environment
https://github.com/suuhm/log4shell4shell
@BlueRedTeam
#Log4j
#Log4Shell
Log4j - Multitool. Find & fix possible CVE-2021-44228 vulneraries - provides a complete LOG4SHELL test/attack environment
https://github.com/suuhm/log4shell4shell
@BlueRedTeam
GitHub
GitHub - suuhm/log4shell4shell: Log4shell - Multi-Toolkit. Find, Fix & Test possible CVE-2021-44228 vulneraries - provides a complete…
Log4shell - Multi-Toolkit. Find, Fix & Test possible CVE-2021-44228 vulneraries - provides a complete LOG4SHELL test/attack environment on shell - GitHub - suuhm/log4shell4shell: Log4shell ...
#Exploit
1. CVE-2021-45046:
Log4j 2.15.0 stills allows for exfiltration of sensitive data
https://www.praetorian.com/blog/log4j-2-15-0-stills-allows-for-exfiltration-of-sensitive-data
2. CVE-2021-41962:
Stored XSS in Vehicle Service Management System 1.0
in Sourcecodester
https://github.com/lohyt/-CVE-2021-41962
@BlueRedTeam
1. CVE-2021-45046:
Log4j 2.15.0 stills allows for exfiltration of sensitive data
https://www.praetorian.com/blog/log4j-2-15-0-stills-allows-for-exfiltration-of-sensitive-data
2. CVE-2021-41962:
Stored XSS in Vehicle Service Management System 1.0
in Sourcecodester
https://github.com/lohyt/-CVE-2021-41962
@BlueRedTeam
Praetorian
Log4j 2.15.0 stills allows for exfiltration of sensitive data
The Apache Software Foundation announced a new vulnerability in Log4j – CVE-2021-45046 – on December 14th. The vulnerability as described states that Log4j 2.15.0 can allow a local Denial of Service attack, but that impacts are limited. However, in our research…
#Red_Team
1. Escalate from a low-integrity Administrator account to NT AUTHORITY\SYSTEM without an LPE exploit by combining a COM UAC bypass and Token Impersonation
https://github.com/FULLSHADE/Auto-Elevate
2. AutoSUID is the project, the main idea of which is to automate harvesting the SUID executable files and to find
a way for further escalating the privileges
https://github.com/IvanGlinkin/AutoSUID
@BlueRedTeam
1. Escalate from a low-integrity Administrator account to NT AUTHORITY\SYSTEM without an LPE exploit by combining a COM UAC bypass and Token Impersonation
https://github.com/FULLSHADE/Auto-Elevate
2. AutoSUID is the project, the main idea of which is to automate harvesting the SUID executable files and to find
a way for further escalating the privileges
https://github.com/IvanGlinkin/AutoSUID
@BlueRedTeam
GitHub
GitHub - FULLSHADE/Auto-Elevate: Escalate from a low-integrity Administrator account to NT AUTHORITY\SYSTEM without an LPE exploit…
Escalate from a low-integrity Administrator account to NT AUTHORITY\SYSTEM without an LPE exploit by combining a COM UAC bypass and Token Impersonation - FULLSHADE/Auto-Elevate