The Story of an RCE on a Java Web Application
It was about two months ago (November 2021) I was invited to a private program. According to their program scope, I decided to hack them for a while. This post is about a vulnerability I’ve found in this company that led to RCE.
https://infosecwriteups.com/the-story-of-a-rce-on-a-java-web-application-2e400cddcd1e
Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package
On Thursday, December 9th, a 0-day exploit in the popular Java logging library log4j (version 2)
was discovered that results in Remote Code Execution (RCE), by logging a certain string.
Given how ubiquitous this library is, the impact of the exploit (full server control),
and how easy it is to exploit, the impact of this vulnerability is quite severe.
We're calling it "Log4Shell" for short.
The 0-day was tweeted along with a POC posted on GitHub. It has now been published as CVE-2021-44228.
https://www.lunasec.io/docs/blog/log4j-zero-day/
Forwarded from Cyber Threat Intelligence
BleepingComputer
Ukrainian military agencies, state-owned banks hit by DDoS attacks
The Ministry of Defense and the Armed Forces of Ukraine and two of the country's state-owned banks, Privatbank (Ukraine's largest bank) and Oschadbank (the State Savings Bank), are being hammered by Distributed Denial-of-Service (DDoS) attacks.
Forwarded from SHELL SHOCK
Udemy
Linux Bash Scripting
Start with Bash scripting and Automate Tasks