Includes log4j 2.15.0 which addresses CVE-2021-44228
What's New
Change History
Installation Guide
SHA-256: 99139c4a63a81135b3b63fe9997a012a6394a766c2c7f2ac5115ab53912d2a6c

Nullcon is an annual security conference which takes place in Goa, India. The focus of the conference is to showcase the next generation of offensive and defensive security research. Submit CFP for Nullcon 1st Berlin edition in 2022.

Completion of the primary objective

Posted in r/netsec by u/clearlyarbitrary • 33 points and 9 comments

Posted in r/netsec by u/dn3t • 193 points and 23 comments

On December 9, 2021, the following vulnerability in the Apache Log4j Java logging library affecting all Log4j2 versions prior to 2.15.0 was disclosed:

CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other…

A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228 - GitHub - fullhunt/log4j-scan: A fully automated, accurate, and extensive scanner for finding log4j RCE CVE...

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

CVE-2021-44228 (a.k.a. log4shell) is a Remote Code Execution vulnerability in the Apache Log4j library, a Java-based logging tool widely used in applications around the world.

If you're using log4j 2 in your infrastructure, this guide will help you understand how to check if you're impacted and show you how to quickly and securely mitigate the issue.

JNDI-Exploitation-Kit（A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps v...

In the past, threat actors have used BazarLoader to deploy Ryuk and Conti ransomware, as reported on many occasions. In this intrusion, however, a BazarLoader infection resulted in deployment of Di…

Log4J is an open-source logging platform running on Java and built-in to many web platforms. Reports of exploitation started on December 9th.

Contribute to zsolt-halo/Log4J-Log4Shell-CVE-2021-44228-Spring-Boot-Test-Service development by creating an account on GitHub.

Test driving the Log4Shell vulnerability with various versions of Java and observing the network egress connections

.Net Assembly loader for the [CVE-2021-42287 - CVE-2021-42278] Scanner & Exploit noPac - GitHub - ricardojba/Invoke-noPac: .Net Assembly loader for the [CVE-2021-42287 - CVE-2021-42278] Sca...

Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries. - GitHub - cyberstruggle/L4sh: Log4Shell RCE Exploit - fully independent exploit does not require any 3rd ...

Recently, a critical zero-day vulnerability was discovered in Apache Log4j, a Java logging tool. Here's why this vulnerability is particularly dangerous.