😰 Log4J vulnerability in detail and the bigger picture
https://ift.tt/3IPb261
Submitted December 16, 2021 at 09:06AM by susamn
via reddit https://ift.tt/30u5j3Z
Medium
😰 Log4J vulnerability in detail and the bigger picture
It’s a sad day for the Java community
Have You Noticed? There Are More Critical Vulnerabilities Than log4j
https://ift.tt/3yxL024
Submitted December 16, 2021 at 02:34PM by waymapsum
via reddit https://ift.tt/3GN1QwX
A strategy to land your first pentest job
https://ift.tt/3DXfxHP
Submitted December 16, 2021 at 04:30PM by Gallus
via reddit https://ift.tt/3saDr0r
Medium
A strategy to land your first pentest job
In this blog post, we are going to cover a strategy to help you get a job as a pentester or application security professional.
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter Fork with some improvements.
https://ift.tt/3yAdJn1
Submitted December 16, 2021 at 05:34PM by v1brio
via reddit https://ift.tt/322i46K
GitHub
GitHub - ricardojba/noPac: CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter. - ricardojba/noPac
Quick & Lazy Malware Development
https://ift.tt/3dTbou2
Submitted December 16, 2021 at 05:02PM by CaptMeelo
via reddit https://ift.tt/3oYZHrS
Log4jScanner - free and open source log4j vulnerability scanner for internal networks
https://ift.tt/3GPCC0Z
Submitted December 16, 2021 at 10:24PM by GelosSnake
via reddit https://ift.tt/327Yzth
Log4Sweater - A Christmas Sweater to commemorate 2021
https://ift.tt/33uuHHX
Submitted December 17, 2021 at 01:41AM by No-Order-1750
via reddit https://ift.tt/3p1W1WD
Found a tool to locate log4j in containers!
https://ift.tt/3jBWsBa
Submitted December 17, 2021 at 01:21AM by Neo-Bubba
via reddit https://ift.tt/3e0tTwK
Log4j exploits realtime honeypot logs (jndi)
https://ift.tt/3q9VktI
Submitted December 17, 2021 at 04:04AM by dbcid
via reddit https://ift.tt/3p1xeSn
Technical write-up on a “Doubly-Infected iPhone,” by Cytrox’s Predator and NSO’s Pegasus
https://ift.tt/3p16VvB
Submitted December 17, 2021 at 05:55AM by docker-osx
via reddit https://ift.tt/3yyDlRb
The Citizen Lab
Pegasus vs. Predator
Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour…
Q4 ThinkstScapes infosec research roundup
https://ift.tt/3yBuheE
Submitted December 17, 2021 at 09:10AM by ranok
via reddit https://ift.tt/3yCRBIW
Risk analysis of Log4Shell (CVE-2021-44228) and mitigation
https://ift.tt/3p56DUk
Submitted December 17, 2021 at 10:17AM by hardenedvault
via reddit https://ift.tt/30ApHAH
Log4Shell Update: Full bypass found in log4j 2.15.0, enabling RCE again (with payload)
https://ift.tt/3IXE5V2
Submitted December 17, 2021 at 03:23PM by freeqaz
via reddit https://ift.tt/3yB8gwh
[LOG4J2-3230] Certain strings can cause infinite recursion - ASF JIRA
https://ift.tt/3e0aTOJ
Submitted December 17, 2021 at 02:56PM by itprofessional23
via reddit https://ift.tt/3E21Mrh
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
https://ift.tt/3yqDOVG
Submitted December 15, 2021 at 11:32PM by ansible
via reddit https://ift.tt/32902iP
Blogspot
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
Posted by Ian Beer & Samuel Groß of Google Project Zero We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit w...
Fail2ban / Regexp rule against LOG4J vuln
https://ift.tt/3sd4Kah
Submitted December 17, 2021 at 07:07PM by AGS42
via reddit https://ift.tt/3dYIFUL
Gist
fail2ban filter rule for the log4j CVE-2021-44228 exploit
fail2ban filter rule for the log4j CVE-2021-44228 exploit - log4j-jndi.conf
So many updates in the Open-Source firmware scanner EMBA right before Christmas. We have created a new teaser video to give you some insights ... Check it out https://ift.tt/3mYcCY2
https://ift.tt/3mYcCY2
Submitted December 17, 2021 at 08:19PM by _m-1-k-3_
via reddit https://ift.tt/324LVeM
GitHub
GitHub - e-m-b-a/emba: EMBA - The firmware security analyzer
EMBA - The firmware security analyzer. Contribute to e-m-b-a/emba development by creating an account on GitHub.
If You're Not Doing Continuous Asset Management You're Not Doing Security
https://ift.tt/2JuqJA1
Submitted December 18, 2021 at 03:32AM by danielrm26
via reddit https://ift.tt/3sgkGZe
Daniel Miessler
If You're Not Doing Continuous Asset Management You're Not Doing Security
A clear explanation for why asset management is so critical to a company's security posture, and why it should always be step zero.
log4j 2.17.0 Released to Fix CVSS 7.5 Denial of Service (CVE-2021-45105)
https://ift.tt/3365DXB
Submitted December 18, 2021 at 12:39PM by sanitybit
via reddit https://ift.tt/3mhD0NT
Log4j version 2.17.0 fixes a new problem CVE-2021-45105 DoS vuln (CVSS score of 7.5)
https://ift.tt/3365DXB
Submitted December 18, 2021 at 04:24PM by ScottContini
via reddit https://ift.tt/3GXwDqO
lurch1317: A new pidgin plugin with strong crypto for deniability (WIP)
https://ift.tt/34Jfdxq
Submitted December 18, 2021 at 05:10PM by hardenedvault
via reddit https://ift.tt/3FfQjpO