#CVE-2021
#log4j
Simple bash noscript to scan multiples url for log4j vulnerability (CVE-2021-44228)
https://github.com/Gyrfalc0n/scanlist-log4j
@BlueRedTeam
#log4j
Simple bash noscript to scan multiples url for log4j vulnerability (CVE-2021-44228)
https://github.com/Gyrfalc0n/scanlist-log4j
@BlueRedTeam
GitHub
GitHub - Gyrfalc0n/scanlist-log4j: Simple bash noscript to scan multiples url for log4j vulnerability (CVE-2021-44228)
Simple bash noscript to scan multiples url for log4j vulnerability (CVE-2021-44228) - GitHub - Gyrfalc0n/scanlist-log4j: Simple bash noscript to scan multiples url for log4j vulnerability (CVE-2021-44228)
#CVE-2021
#Log4j
A simple project to check coverage of Log4J vuln CVE-2021-44228 (and related)
https://github.com/MeterianHQ/log4j-vuln-coverage-check
@BlueRedTeam
#Log4j
A simple project to check coverage of Log4J vuln CVE-2021-44228 (and related)
https://github.com/MeterianHQ/log4j-vuln-coverage-check
@BlueRedTeam
GitHub
GitHub - MeterianHQ/log4j-vuln-coverage-check: A simple project to check coverage of Log4J vuln CVE-2021-44228 (and related)
A simple project to check coverage of Log4J vuln CVE-2021-44228 (and related) - GitHub - MeterianHQ/log4j-vuln-coverage-check: A simple project to check coverage of Log4J vuln CVE-2021-44228 (and r...
#CVE-2021
#Log4Shell
A honeypot for the Log4Shell vulnerability (CVE-2021-44228).
https://github.com/thomaspatzke/Log4Pot
@BlueRedTeam
#Log4Shell
A honeypot for the Log4Shell vulnerability (CVE-2021-44228).
https://github.com/thomaspatzke/Log4Pot
@BlueRedTeam
GitHub
GitHub - thomaspatzke/Log4Pot: A honeypot for the Log4Shell vulnerability (CVE-2021-44228).
A honeypot for the Log4Shell vulnerability (CVE-2021-44228). - thomaspatzke/Log4Pot
#CVE-2021
#log4j2
Basic Vulnerable Spring Boot Application to Test CVE-2021-44228
https://github.com/recanavar/vuln_spring_log4j2
@BlueRedTeam
#log4j2
Basic Vulnerable Spring Boot Application to Test CVE-2021-44228
https://github.com/recanavar/vuln_spring_log4j2
@BlueRedTeam
GitHub
GitHub - recanavar/vuln_spring_log4j2: Simple Vulnerable Spring Boot Application to Test the CVE-2021-44228
Simple Vulnerable Spring Boot Application to Test the CVE-2021-44228 - GitHub - recanavar/vuln_spring_log4j2: Simple Vulnerable Spring Boot Application to Test the CVE-2021-44228
#CVE-2021
#log4j2
Scanner local em Python para localizar e identificar versões vulneráveis do Log4j2 em arquivos no disco com análise interna de arquivos JAR (CVE-2021-44228 e CVE-2021-45046)
https://github.com/andalik/log4j-scanner
@BlueRedTeam
#log4j2
Scanner local em Python para localizar e identificar versões vulneráveis do Log4j2 em arquivos no disco com análise interna de arquivos JAR (CVE-2021-44228 e CVE-2021-45046)
https://github.com/andalik/log4j-scanner
@BlueRedTeam
GitHub
GitHub - andalik/log4j-filescan: Scanner recursivo de arquivos desenvolvido em Python 3 para localização e varredura de versões…
Scanner recursivo de arquivos desenvolvido em Python 3 para localização e varredura de versões vulneráveis do Log4j2, contemplando análise interna de arquivos JAR (CVE-2021-44228, CVE-2021-45046, C...
#CVE-2021
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
https://github.com/WazeHell/sam-the-admin
@BlueRedTeam
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
https://github.com/WazeHell/sam-the-admin
@BlueRedTeam
GitHub
GitHub - safebuffer/sam-the-admin: Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user - GitHub - safebuffer/sam-the-admin: Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from st...
#CVE-2021
#log4Shell
Log4Shell CVE-2021-44228 Vulnerability Scanner and POC
https://github.com/gyaansastra/CVE-2021-44228
@BlueRedTeam
#log4Shell
Log4Shell CVE-2021-44228 Vulnerability Scanner and POC
https://github.com/gyaansastra/CVE-2021-44228
@BlueRedTeam
GitHub
GitHub - gyaansastra/CVE-2021-44228: Log4Shell CVE-2021-44228 Vulnerability Scanner and POC
Log4Shell CVE-2021-44228 Vulnerability Scanner and POC - GitHub - gyaansastra/CVE-2021-44228: Log4Shell CVE-2021-44228 Vulnerability Scanner and POC
#CVE-2021
#log4j2
Scanner local em Python para varredura e localização de versões vulneráveis do Log4j2 em arquivos no disco, contemplando análise interna de arquivos JAR (CVE-2021-44228 e CVE-2021-45046)
https://github.com/andalik/log4j-filescan
@BlueRedTeam
#log4j2
Scanner local em Python para varredura e localização de versões vulneráveis do Log4j2 em arquivos no disco, contemplando análise interna de arquivos JAR (CVE-2021-44228 e CVE-2021-45046)
https://github.com/andalik/log4j-filescan
@BlueRedTeam
GitHub
GitHub - andalik/log4j-filescan: Scanner recursivo de arquivos desenvolvido em Python 3 para localização e varredura de versões…
Scanner recursivo de arquivos desenvolvido em Python 3 para localização e varredura de versões vulneráveis do Log4j2, contemplando análise interna de arquivos JAR (CVE-2021-44228, CVE-2021-45046, C...
#CVE-2021
#Log4j
Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046
https://github.com/DXC-StrikeForce/Burp-Log4j-HammerTime
@BlueRedTeam
#Log4j
Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046
https://github.com/DXC-StrikeForce/Burp-Log4j-HammerTime
@BlueRedTeam
GitHub
GitHub - DXC-StrikeForce/Burp-Log4j-HammerTime: Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 and…
Burp Active Scan extension to identify Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046 - GitHub - DXC-StrikeForce/Burp-Log4j-HammerTime: Burp Active Scan extension to identify Log4j vulnera...
Forwarded from CyberSecurityResearch
Apache’s Fix for Log4Shell Can Lead to DoS Attacks
Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes.
https://threatpost.com/apache-patch-log4shell-log4j-dos-attacks/177064/
#Log4Shell
@PentesterReference
Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes.
https://threatpost.com/apache-patch-log4shell-log4j-dos-attacks/177064/
#Log4Shell
@PentesterReference
Threat Post
Apache’s Fix for Log4Shell Can Lead to DoS Attacks
Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes.
#CVE-2021
#Log4j
Scans for Log4j versions effected by CVE-2021-44228
https://github.com/mergebase/log4j-detector
@BlueRedTeam
#Log4j
Scans for Log4j versions effected by CVE-2021-44228
https://github.com/mergebase/log4j-detector
@BlueRedTeam
GitHub
GitHub - mergebase/log4j-detector: A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021…
A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J ins...
#CVE-2021
#Log4j
Applications that are vulnerable to the log4j CVE-2021-44228/45046 issue may be detectable by scanning jar, war, ear, zip files to search for the presence of JndiLookup.class.
https://github.com/hozyx/log4shell
@BlueRedTeam
#Log4j
Applications that are vulnerable to the log4j CVE-2021-44228/45046 issue may be detectable by scanning jar, war, ear, zip files to search for the presence of JndiLookup.class.
https://github.com/hozyx/log4shell
@BlueRedTeam
GitHub
GitHub - hozyx/log4shell: Applications that are vulnerable to the log4j CVE-2021-44228/45046 issue may be detectable by scanning…
Applications that are vulnerable to the log4j CVE-2021-44228/45046 issue may be detectable by scanning jar, war, ear, zip files to search for the presence of JndiLookup.class. - GitHub - hozyx/log4...
#CVE-2021
#Log4j
Samples of log4j library versions to help log4j scanners / detectors improve their accuracy for detecting CVE-2021-45046 and CVE-2021-44228.
https://github.com/mergebase/log4j-samples
@BlueRedTeam
#Log4j
Samples of log4j library versions to help log4j scanners / detectors improve their accuracy for detecting CVE-2021-45046 and CVE-2021-44228.
https://github.com/mergebase/log4j-samples
@BlueRedTeam
GitHub
GitHub - mergebase/log4j-samples: Samples of log4j library versions to help log4j scanners / detectors improve their accuracy for…
Samples of log4j library versions to help log4j scanners / detectors improve their accuracy for detecting CVE-2021-45046 and CVE-2021-44228. - GitHub - mergebase/log4j-samples: Samples of log4j lib...
#CVE-2021
#Log4Shell
Log4Shell Proof of Concept (CVE-2021-44228)
https://github.com/Kr0ff/CVE-2021-44228
@BlueRedTeam
#Log4Shell
Log4Shell Proof of Concept (CVE-2021-44228)
https://github.com/Kr0ff/CVE-2021-44228
@BlueRedTeam
GitHub
GitHub - Kr0ff/CVE-2021-44228: Log4Shell Proof of Concept (CVE-2021-44228)
Log4Shell Proof of Concept (CVE-2021-44228). Contribute to Kr0ff/CVE-2021-44228 development by creating an account on GitHub.
#CVE-2021
#Log4j
#Log4Shell
Log4j - Multitool. Find & fix possible CVE-2021-44228 vulneraries - provides a complete LOG4SHELL test/attack environment
https://github.com/suuhm/log4shell4shell
@BlueRedTeam
#Log4j
#Log4Shell
Log4j - Multitool. Find & fix possible CVE-2021-44228 vulneraries - provides a complete LOG4SHELL test/attack environment
https://github.com/suuhm/log4shell4shell
@BlueRedTeam
GitHub
GitHub - suuhm/log4shell4shell: Log4shell - Multi-Toolkit. Find, Fix & Test possible CVE-2021-44228 vulneraries - provides a complete…
Log4shell - Multi-Toolkit. Find, Fix & Test possible CVE-2021-44228 vulneraries - provides a complete LOG4SHELL test/attack environment on shell - GitHub - suuhm/log4shell4shell: Log4shell ...
#Exploit
1. CVE-2021-45046:
Log4j 2.15.0 stills allows for exfiltration of sensitive data
https://www.praetorian.com/blog/log4j-2-15-0-stills-allows-for-exfiltration-of-sensitive-data
2. CVE-2021-41962:
Stored XSS in Vehicle Service Management System 1.0
in Sourcecodester
https://github.com/lohyt/-CVE-2021-41962
@BlueRedTeam
1. CVE-2021-45046:
Log4j 2.15.0 stills allows for exfiltration of sensitive data
https://www.praetorian.com/blog/log4j-2-15-0-stills-allows-for-exfiltration-of-sensitive-data
2. CVE-2021-41962:
Stored XSS in Vehicle Service Management System 1.0
in Sourcecodester
https://github.com/lohyt/-CVE-2021-41962
@BlueRedTeam
Praetorian
Log4j 2.15.0 stills allows for exfiltration of sensitive data
The Apache Software Foundation announced a new vulnerability in Log4j – CVE-2021-45046 – on December 14th. The vulnerability as described states that Log4j 2.15.0 can allow a local Denial of Service attack, but that impacts are limited. However, in our research…
#Red_Team
1. Escalate from a low-integrity Administrator account to NT AUTHORITY\SYSTEM without an LPE exploit by combining a COM UAC bypass and Token Impersonation
https://github.com/FULLSHADE/Auto-Elevate
2. AutoSUID is the project, the main idea of which is to automate harvesting the SUID executable files and to find
a way for further escalating the privileges
https://github.com/IvanGlinkin/AutoSUID
@BlueRedTeam
1. Escalate from a low-integrity Administrator account to NT AUTHORITY\SYSTEM without an LPE exploit by combining a COM UAC bypass and Token Impersonation
https://github.com/FULLSHADE/Auto-Elevate
2. AutoSUID is the project, the main idea of which is to automate harvesting the SUID executable files and to find
a way for further escalating the privileges
https://github.com/IvanGlinkin/AutoSUID
@BlueRedTeam
GitHub
GitHub - FULLSHADE/Auto-Elevate: Escalate from a low-integrity Administrator account to NT AUTHORITY\SYSTEM without an LPE exploit…
Escalate from a low-integrity Administrator account to NT AUTHORITY\SYSTEM without an LPE exploit by combining a COM UAC bypass and Token Impersonation - FULLSHADE/Auto-Elevate
#Blue_Team
1. LOLBins Are No Laughing Matter:
How Attackers Operate Quietly
https://www.uptycs.com/blog/lolbins-are-no-laughing-matter
2. Protection against CVE-2021-45046, the additional Log4j RCE vulnerability
https://blog.cloudflare.com/protection-against-cve-2021-45046-the-additional-log4j-rce-vulnerability
@BlueRedTeam
1. LOLBins Are No Laughing Matter:
How Attackers Operate Quietly
https://www.uptycs.com/blog/lolbins-are-no-laughing-matter
2. Protection against CVE-2021-45046, the additional Log4j RCE vulnerability
https://blog.cloudflare.com/protection-against-cve-2021-45046-the-additional-log4j-rce-vulnerability
@BlueRedTeam
Uptycs
LOLBins Are No Laughing Matter: How Attackers Operate Quietly
Recent threat research on living off the land binaries and how it affects cloud security.
#CVE-2021
#Log4Shell
Test exploit of CVE-2021-44228
https://github.com/wajda/log4shell-test-exploit
@BlueRedTeam
#Log4Shell
Test exploit of CVE-2021-44228
https://github.com/wajda/log4shell-test-exploit
@BlueRedTeam
GitHub
GitHub - wajda/log4shell-test-exploit: Test exploit of CVE-2021-44228
Test exploit of CVE-2021-44228. Contribute to wajda/log4shell-test-exploit development by creating an account on GitHub.
#CVE-2021
CVE-2021-43798 Grafana 任意文件读取漏洞 POC+参数
https://github.com/ScorpionsMAX/CVE-2021-43798-Grafana-POC
@BlueRedTeam
CVE-2021-43798 Grafana 任意文件读取漏洞 POC+参数
https://github.com/ScorpionsMAX/CVE-2021-43798-Grafana-POC
@BlueRedTeam
GitHub
GitHub - ScorpionsMAX/CVE-2021-43798-Grafana-POC: CVE-2021-43798 Grafana 任意文件读取漏洞 POC+参数
CVE-2021-43798 Grafana 任意文件读取漏洞 POC+参数. Contribute to ScorpionsMAX/CVE-2021-43798-Grafana-POC development by creating an account on GitHub.
#CVE-2021
#Log4Shell
A lab demonstration of the log4shell vulnerability: CVE-2021-44228
https://github.com/obscuritylabs/log4shell-poc-lab
@BlueRedTeam
#Log4Shell
A lab demonstration of the log4shell vulnerability: CVE-2021-44228
https://github.com/obscuritylabs/log4shell-poc-lab
@BlueRedTeam
GitHub
GitHub - obscuritylabs/log4shell-poc-lab: A lab demonstration of the log4shell vulnerability: CVE-2021-44228
A lab demonstration of the log4shell vulnerability: CVE-2021-44228 - GitHub - obscuritylabs/log4shell-poc-lab: A lab demonstration of the log4shell vulnerability: CVE-2021-44228