Background

Research by: Raman Ladutska, Aliaksandr Trafimchuk, David Driker, Yali Magiel Overview Trickbot and Emotet are considered some of the largest botnets in history. They both share a similar story: they were taken down and made a comeback. Check Point Research…

Given how ubiquitous log4j is, the impact of this vulnerability is quite severe. Learn how to fix Log4Shell, why it's bad, and what a working exploit requires in this post.

Hello everyone, it’s nothing new that Cloud environments have been dominating the market today, and among service providers, AWS is on the…

Includes log4j 2.15.0 which addresses CVE-2021-44228
What's New
Change History
Installation Guide
SHA-256: 99139c4a63a81135b3b63fe9997a012a6394a766c2c7f2ac5115ab53912d2a6c

Nullcon is an annual security conference which takes place in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security research. Submit CFP for Nullcon 1st Berlin edition in 2022.

Completion of the primary objective

Posted in r/netsec by u/clearlyarbitrary • 33 points and 9 comments

Posted in r/netsec by u/dn3t • 193 points and 23 comments

On December 9, 2021, the following vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions prior to 2.15.0 was disclosed:

CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other…

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228 - GitHub - fullhunt/log4j-scan: A fully automated, accurate, and extensive scanner for finding log4j RCE CVE...

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

CVE-2021-44228 (a.k.a. log4shell) is a Remote Code Execution vulnerability in the Apache Log4j library, a Java-based logging tool widely used in applications around the world.

If you're using log4j 2 in your infrastructure, this guide will help you understand how to check if you're impacted and show you how to quickly and securely mitigate the issue.

JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps v...

In the past, threat actors have used BazarLoader to deploy Ryuk and Conti ransomware, as reported on many occasions. In this intrusion, however, a BazarLoader infection resulted in deployment of Di…

Log4J is an open-source logging platform running on Java and built-in to many web platforms. Reports of exploitation started on December 9th.

Contribute to zsolt-halo/Log4J-Log4Shell-CVE-2021-44228-Spring-Boot-Test-Service development by creating an account on GitHub.