Forwarded from CyberSecurityResearch
Apache’s Fix for Log4Shell Can Lead to DoS Attacks
Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes.
https://threatpost.com/apache-patch-log4shell-log4j-dos-attacks/177064/
#Log4Shell
@PentesterReference
Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes.
https://threatpost.com/apache-patch-log4shell-log4j-dos-attacks/177064/
#Log4Shell
@PentesterReference
Threat Post
Apache’s Fix for Log4Shell Can Lead to DoS Attacks
Not only is the jaw-dropping flaw in the Apache Log4j logging library ubiquitous; Apache’s blanket of a quickly baked patch for Log4Shell also has holes.
#CVE-2021
#Log4j
Scans for Log4j versions effected by CVE-2021-44228
https://github.com/mergebase/log4j-detector
@BlueRedTeam
#Log4j
Scans for Log4j versions effected by CVE-2021-44228
https://github.com/mergebase/log4j-detector
@BlueRedTeam
GitHub
GitHub - mergebase/log4j-detector: A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021…
A public open sourced tool. Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc) on your file-system within any application. It is able to even find Log4J ins...
#CVE-2021
#Log4j
Applications that are vulnerable to the log4j CVE-2021-44228/45046 issue may be detectable by scanning jar, war, ear, zip files to search for the presence of JndiLookup.class.
https://github.com/hozyx/log4shell
@BlueRedTeam
#Log4j
Applications that are vulnerable to the log4j CVE-2021-44228/45046 issue may be detectable by scanning jar, war, ear, zip files to search for the presence of JndiLookup.class.
https://github.com/hozyx/log4shell
@BlueRedTeam
GitHub
GitHub - hozyx/log4shell: Applications that are vulnerable to the log4j CVE-2021-44228/45046 issue may be detectable by scanning…
Applications that are vulnerable to the log4j CVE-2021-44228/45046 issue may be detectable by scanning jar, war, ear, zip files to search for the presence of JndiLookup.class. - GitHub - hozyx/log4...
#CVE-2021
#Log4j
Samples of log4j library versions to help log4j scanners / detectors improve their accuracy for detecting CVE-2021-45046 and CVE-2021-44228.
https://github.com/mergebase/log4j-samples
@BlueRedTeam
#Log4j
Samples of log4j library versions to help log4j scanners / detectors improve their accuracy for detecting CVE-2021-45046 and CVE-2021-44228.
https://github.com/mergebase/log4j-samples
@BlueRedTeam
GitHub
GitHub - mergebase/log4j-samples: Samples of log4j library versions to help log4j scanners / detectors improve their accuracy for…
Samples of log4j library versions to help log4j scanners / detectors improve their accuracy for detecting CVE-2021-45046 and CVE-2021-44228. - GitHub - mergebase/log4j-samples: Samples of log4j lib...
#CVE-2021
#Log4Shell
Log4Shell Proof of Concept (CVE-2021-44228)
https://github.com/Kr0ff/CVE-2021-44228
@BlueRedTeam
#Log4Shell
Log4Shell Proof of Concept (CVE-2021-44228)
https://github.com/Kr0ff/CVE-2021-44228
@BlueRedTeam
GitHub
GitHub - Kr0ff/CVE-2021-44228: Log4Shell Proof of Concept (CVE-2021-44228)
Log4Shell Proof of Concept (CVE-2021-44228). Contribute to Kr0ff/CVE-2021-44228 development by creating an account on GitHub.
#CVE-2021
#Log4j
#Log4Shell
Log4j - Multitool. Find & fix possible CVE-2021-44228 vulneraries - provides a complete LOG4SHELL test/attack environment
https://github.com/suuhm/log4shell4shell
@BlueRedTeam
#Log4j
#Log4Shell
Log4j - Multitool. Find & fix possible CVE-2021-44228 vulneraries - provides a complete LOG4SHELL test/attack environment
https://github.com/suuhm/log4shell4shell
@BlueRedTeam
GitHub
GitHub - suuhm/log4shell4shell: Log4shell - Multi-Toolkit. Find, Fix & Test possible CVE-2021-44228 vulneraries - provides a complete…
Log4shell - Multi-Toolkit. Find, Fix & Test possible CVE-2021-44228 vulneraries - provides a complete LOG4SHELL test/attack environment on shell - GitHub - suuhm/log4shell4shell: Log4shell ...
#Exploit
1. CVE-2021-45046:
Log4j 2.15.0 stills allows for exfiltration of sensitive data
https://www.praetorian.com/blog/log4j-2-15-0-stills-allows-for-exfiltration-of-sensitive-data
2. CVE-2021-41962:
Stored XSS in Vehicle Service Management System 1.0
in Sourcecodester
https://github.com/lohyt/-CVE-2021-41962
@BlueRedTeam
1. CVE-2021-45046:
Log4j 2.15.0 stills allows for exfiltration of sensitive data
https://www.praetorian.com/blog/log4j-2-15-0-stills-allows-for-exfiltration-of-sensitive-data
2. CVE-2021-41962:
Stored XSS in Vehicle Service Management System 1.0
in Sourcecodester
https://github.com/lohyt/-CVE-2021-41962
@BlueRedTeam
Praetorian
Log4j 2.15.0 stills allows for exfiltration of sensitive data
The Apache Software Foundation announced a new vulnerability in Log4j – CVE-2021-45046 – on December 14th. The vulnerability as described states that Log4j 2.15.0 can allow a local Denial of Service attack, but that impacts are limited. However, in our research…
#Red_Team
1. Escalate from a low-integrity Administrator account to NT AUTHORITY\SYSTEM without an LPE exploit by combining a COM UAC bypass and Token Impersonation
https://github.com/FULLSHADE/Auto-Elevate
2. AutoSUID is the project, the main idea of which is to automate harvesting the SUID executable files and to find
a way for further escalating the privileges
https://github.com/IvanGlinkin/AutoSUID
@BlueRedTeam
1. Escalate from a low-integrity Administrator account to NT AUTHORITY\SYSTEM without an LPE exploit by combining a COM UAC bypass and Token Impersonation
https://github.com/FULLSHADE/Auto-Elevate
2. AutoSUID is the project, the main idea of which is to automate harvesting the SUID executable files and to find
a way for further escalating the privileges
https://github.com/IvanGlinkin/AutoSUID
@BlueRedTeam
GitHub
GitHub - FULLSHADE/Auto-Elevate: Escalate from a low-integrity Administrator account to NT AUTHORITY\SYSTEM without an LPE exploit…
Escalate from a low-integrity Administrator account to NT AUTHORITY\SYSTEM without an LPE exploit by combining a COM UAC bypass and Token Impersonation - FULLSHADE/Auto-Elevate
#Blue_Team
1. LOLBins Are No Laughing Matter:
How Attackers Operate Quietly
https://www.uptycs.com/blog/lolbins-are-no-laughing-matter
2. Protection against CVE-2021-45046, the additional Log4j RCE vulnerability
https://blog.cloudflare.com/protection-against-cve-2021-45046-the-additional-log4j-rce-vulnerability
@BlueRedTeam
1. LOLBins Are No Laughing Matter:
How Attackers Operate Quietly
https://www.uptycs.com/blog/lolbins-are-no-laughing-matter
2. Protection against CVE-2021-45046, the additional Log4j RCE vulnerability
https://blog.cloudflare.com/protection-against-cve-2021-45046-the-additional-log4j-rce-vulnerability
@BlueRedTeam
Uptycs
LOLBins Are No Laughing Matter: How Attackers Operate Quietly
Recent threat research on living off the land binaries and how it affects cloud security.
#CVE-2021
#Log4Shell
Test exploit of CVE-2021-44228
https://github.com/wajda/log4shell-test-exploit
@BlueRedTeam
#Log4Shell
Test exploit of CVE-2021-44228
https://github.com/wajda/log4shell-test-exploit
@BlueRedTeam
GitHub
GitHub - wajda/log4shell-test-exploit: Test exploit of CVE-2021-44228
Test exploit of CVE-2021-44228. Contribute to wajda/log4shell-test-exploit development by creating an account on GitHub.
#CVE-2021
CVE-2021-43798 Grafana 任意文件读取漏洞 POC+参数
https://github.com/ScorpionsMAX/CVE-2021-43798-Grafana-POC
@BlueRedTeam
CVE-2021-43798 Grafana 任意文件读取漏洞 POC+参数
https://github.com/ScorpionsMAX/CVE-2021-43798-Grafana-POC
@BlueRedTeam
GitHub
GitHub - ScorpionsMAX/CVE-2021-43798-Grafana-POC: CVE-2021-43798 Grafana 任意文件读取漏洞 POC+参数
CVE-2021-43798 Grafana 任意文件读取漏洞 POC+参数. Contribute to ScorpionsMAX/CVE-2021-43798-Grafana-POC development by creating an account on GitHub.
#CVE-2021
#Log4Shell
A lab demonstration of the log4shell vulnerability: CVE-2021-44228
https://github.com/obscuritylabs/log4shell-poc-lab
@BlueRedTeam
#Log4Shell
A lab demonstration of the log4shell vulnerability: CVE-2021-44228
https://github.com/obscuritylabs/log4shell-poc-lab
@BlueRedTeam
GitHub
GitHub - obscuritylabs/log4shell-poc-lab: A lab demonstration of the log4shell vulnerability: CVE-2021-44228
A lab demonstration of the log4shell vulnerability: CVE-2021-44228 - GitHub - obscuritylabs/log4shell-poc-lab: A lab demonstration of the log4shell vulnerability: CVE-2021-44228
#CVE-2021
#Log4j
PoC RCE Log4j CVE-2021-4428 para pruebas
https://github.com/Grupo-Kapa-7/CVE-2021-44228-Log4j-PoC-RCE
@BlueRedTeam
#Log4j
PoC RCE Log4j CVE-2021-4428 para pruebas
https://github.com/Grupo-Kapa-7/CVE-2021-44228-Log4j-PoC-RCE
@BlueRedTeam
GitHub
GitHub - Grupo-Kapa-7/CVE-2021-44228-Log4j-PoC-RCE: PoC RCE Log4j CVE-2021-4428 para pruebas
PoC RCE Log4j CVE-2021-4428 para pruebas. Contribute to Grupo-Kapa-7/CVE-2021-44228-Log4j-PoC-RCE development by creating an account on GitHub.
#CVE-2021
#Log4Shell
An automated, reliable scanner for the Log4Shell (CVE-2021-44228) vulnerability.
https://github.com/redhuntlabs/Log4JHunt
@BlueRedTeam
#Log4Shell
An automated, reliable scanner for the Log4Shell (CVE-2021-44228) vulnerability.
https://github.com/redhuntlabs/Log4JHunt
@BlueRedTeam
GitHub
GitHub - redhuntlabs/Log4JHunt: An automated, reliable scanner for the Log4Shell (CVE-2021-44228) vulnerability.
An automated, reliable scanner for the Log4Shell (CVE-2021-44228) vulnerability. - redhuntlabs/Log4JHunt
#CVE-2021
#Log4j
CVE-2021-44228 vulnerability in Apache Log4j library
https://github.com/Heliferepo/log4j
@BlueRedTeam
#Log4j
CVE-2021-44228 vulnerability in Apache Log4j library
https://github.com/Heliferepo/log4j
@BlueRedTeam
#CVE-2021
#Log4j2
Log4j2 Vulnerability (CVE-2021-44228)
https://github.com/RenYuH/log4j-lookups-vulnerability
@BlueRedTeam
#Log4j2
Log4j2 Vulnerability (CVE-2021-44228)
https://github.com/RenYuH/log4j-lookups-vulnerability
@BlueRedTeam
GitHub
GitHub - RenYuH/log4j-lookups-vulnerability: Log4j2 Vulnerability (CVE-2021-44228)
Log4j2 Vulnerability (CVE-2021-44228). Contribute to RenYuH/log4j-lookups-vulnerability development by creating an account on GitHub.
#CVE-2021
#log4j
Scanner for the Log4j vulnerability dubbed Log4Shell (CVE-2021-44228)
https://github.com/scheibling/py-log4shellscanner
@BlueRedTeam
#log4j
Scanner for the Log4j vulnerability dubbed Log4Shell (CVE-2021-44228)
https://github.com/scheibling/py-log4shellscanner
@BlueRedTeam
GitHub
GitHub - scheibling/py-log4shellscanner: Scanner for the Log4j vulnerability dubbed Log4Shell (CVE-2021-44228)
Scanner for the Log4j vulnerability dubbed Log4Shell (CVE-2021-44228) - GitHub - scheibling/py-log4shellscanner: Scanner for the Log4j vulnerability dubbed Log4Shell (CVE-2021-44228)
#CVE-2021
#Log4Shell
Java application vulnerable to the CVE-2021-44228 (a.k.a log4shell) vulnerability
https://github.com/GroupePSA/log4shell-honeypot
@BlueRedTeam
#Log4Shell
Java application vulnerable to the CVE-2021-44228 (a.k.a log4shell) vulnerability
https://github.com/GroupePSA/log4shell-honeypot
@BlueRedTeam
#CVE-2021
#Log4j
The noscript \"Py3-detect-log4j-12.2021.py\" developed in Python 3 is responsible for detecting whether a list of URLs are vulnerable to CVE-2021-44228.
https://github.com/nx6110a5100/Py3-detect-log4j-12.2021
@BlueRedTeam
#Log4j
The noscript \"Py3-detect-log4j-12.2021.py\" developed in Python 3 is responsible for detecting whether a list of URLs are vulnerable to CVE-2021-44228.
https://github.com/nx6110a5100/Py3-detect-log4j-12.2021
@BlueRedTeam
#Blue_Team
Collection of PowerShell functinos and noscripts a Blue Teamer might use
https://github.com/tobor88/PowerShell-Blue-Team
@BlueRedTeam
Collection of PowerShell functinos and noscripts a Blue Teamer might use
https://github.com/tobor88/PowerShell-Blue-Team
@BlueRedTeam
GitHub
GitHub - tobor88/PowerShell-Blue-Team: Collection of PowerShell functinos and noscripts a Blue Teamer might use
Collection of PowerShell functinos and noscripts a Blue Teamer might use - tobor88/PowerShell-Blue-Team
#CVE-2021
#Log4Shell
Log4Shell (CVE-2021-44228) denoscription, exploitation and remediation
https://github.com/zane00/CVE-2021-44228
@BlueRedTeam
#Log4Shell
Log4Shell (CVE-2021-44228) denoscription, exploitation and remediation
https://github.com/zane00/CVE-2021-44228
@BlueRedTeam
GitHub
GitHub - zaneef/CVE-2021-44228: Log4Shell (CVE-2021-44228): Descrizione, Exploitation e Mitigazione
Log4Shell (CVE-2021-44228): Descrizione, Exploitation e Mitigazione - GitHub - zaneef/CVE-2021-44228: Log4Shell (CVE-2021-44228): Descrizione, Exploitation e Mitigazione