Log4j exploits realtime honeypot logs (jndi)
https://ift.tt/3q9VktI
Submitted December 17, 2021 at 04:04AM by dbcid
via reddit https://ift.tt/3p1xeSn
Technical write-up on a “Doubly-Infected iPhone” by Cytrox’s Predator and NSO’s Pegasus
https://ift.tt/3p16VvB
Submitted December 17, 2021 at 05:55AM by docker-osx
via reddit https://ift.tt/3yyDlRb
The Citizen Lab
Pegasus vs. Predator
Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour…
Q4 ThinkstScapes infosec research roundup
https://ift.tt/3yBuheE
Submitted December 17, 2021 at 09:10AM by ranok
via reddit https://ift.tt/3yCRBIW
Risk analysis of Log4Shell (CVE-2021-44228) and mitigation
https://ift.tt/3p56DUk
Submitted December 17, 2021 at 10:17AM by hardenedvault
via reddit https://ift.tt/30ApHAH
Log4Shell Update: Full bypass found in log4j 2.15.0, enabling RCE again (with payload)
https://ift.tt/3IXE5V2
Submitted December 17, 2021 at 03:23PM by freeqaz
via reddit https://ift.tt/3yB8gwh
[LOG4J2-3230] Certain strings can cause infinite recursion - ASF JIRA
https://ift.tt/3e0aTOJ
Submitted December 17, 2021 at 02:56PM by itprofessional23
via reddit https://ift.tt/3E21Mrh
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
https://ift.tt/3yqDOVG
Submitted December 15, 2021 at 11:32PM by ansible
via reddit https://ift.tt/32902iP
Blogspot
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
Posted by Ian Beer & Samuel Groß of Google Project Zero We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit w...
Fail2ban / Regexp rule against LOG4J vuln
https://ift.tt/3sd4Kah
Submitted December 17, 2021 at 07:07PM by AGS42
via reddit https://ift.tt/3dYIFUL
Gist
fail2ban filter rule for the log4j CVE-2021-44228 exploit
fail2ban filter rule for the log4j CVE-2021-44228 exploit - log4j-jndi.conf
So many updates in the Open-Source firmware scanner EMBA right before Christmas. We have created a new teaser video to give you some insights ... Check it out https://ift.tt/3mYcCY2
https://ift.tt/3mYcCY2
Submitted December 17, 2021 at 08:19PM by _m-1-k-3_
via reddit https://ift.tt/324LVeM
GitHub
GitHub - e-m-b-a/emba: EMBA - The firmware security analyzer
EMBA - The firmware security analyzer. Contribute to e-m-b-a/emba development by creating an account on GitHub.
If You're Not Doing Continuous Asset Management You're Not Doing Security
https://ift.tt/2JuqJA1
Submitted December 18, 2021 at 03:32AM by danielrm26
via reddit https://ift.tt/3sgkGZe
Daniel Miessler
If You're Not Doing Continuous Asset Management You're Not Doing Security
A clear explanation for why asset management is so critical to a company's security posture, and why it should always be step zero.
log4j 2.17.0 Released to Fix CVSS 7.5 Denial of Service (CVE-2021-45105)
https://ift.tt/3365DXB
Submitted December 18, 2021 at 12:39PM by sanitybit
via reddit https://ift.tt/3mhD0NT
Log4j version 2.17.0 fixes a new problem CVE-2021-45105 DoS vuln (CVSS score of 7.5)
https://ift.tt/3365DXB
Submitted December 18, 2021 at 04:24PM by ScottContini
via reddit https://ift.tt/3GXwDqO
lurch1317: A new Pidgin plugin with strong crypto for deniability (WIP)
https://ift.tt/34Jfdxq
Submitted December 18, 2021 at 05:10PM by hardenedvault
via reddit https://ift.tt/3FfQjpO
Snyk releases free Log4Shell vulnerabilities jar scanner via Snyk CLI
https://ift.tt/3IWCX41
Submitted December 18, 2021 at 08:42PM by GelosSnake
via reddit https://ift.tt/3p545pu
HUB Security Docker Digital Twin authenticates and verifies incoming Docker traffic
https://ift.tt/3q1a4Lf
Submitted December 19, 2021 at 09:29PM by OldBay_Trader
via reddit https://ift.tt/3J2I3vv
Help Net Security
HUB Security Docker Digital Twin authenticates and verifies incoming Docker traffic - Help Net Security
HUB Security announced its Docker Digital Twin product to protect, authenticate, and verify traffic created by Docker.
log4j — Getting to 2.16 and 2.17 is Only Critical If You Have Non-Default Logging Enabled
https://ift.tt/3pgW9Sh
Submitted December 19, 2021 at 11:24PM by danielrm26
via reddit https://ift.tt/3IYOy2x
Daniel Miessler
The Subsequent Waves of log4j Vulnerabilities Aren't as Bad as People Think
If you're reading this you're underslept and over-caffeinated due to log4j. Thank you for your service. I have some good news. I know a super-smart guy
Log4j Vulnerability CVE-2021-45105: What You Need to Know (and how it differs from CVE-2021-45046)
https://ift.tt/3qd68qU
Submitted December 20, 2021 at 01:02PM by ScottContini
via reddit https://ift.tt/3yQBh7u
letme.go - A minimalistic Meterpreter stager written in Go
https://ift.tt/3miTF3E
Submitted December 20, 2021 at 02:00PM by 0xdea
via reddit https://ift.tt/3yIbWfE
HN Security
letme.go - A minimalistic Meterpreter stager written in Go - HN Security
Introducing a minimalistic Meterpreter stager written in Go (letme.go), useful in red teaming engagements.
Alan c2 post-exploitation framework v5.0 - All you can in-memory edition
https://ift.tt/3e7zHoc
Submitted December 19, 2021 at 09:51AM by aparata_s4tan
via reddit https://ift.tt/3Eb4JpO
Blogspot
Alan c2 Framework v5.0 - All you can in-memory edition
Twitter: @s4tan Download: https://github.com/enkomio/AlanFramework Documentation: https://github.com/enkomio/AlanFramework/tree/mai...
Inside a PBX - Discovering a Firmware Backdoor
https://ift.tt/3pcy5j9
Submitted December 20, 2021 at 06:29PM by RedTeamPentesting
via reddit https://ift.tt/3smuocS
OSS Getting Hammered for BigCorp Failures
https://ift.tt/3eaRTx8
Submitted December 20, 2021 at 10:50PM by GelosSnake
via reddit https://ift.tt/3qd6WMj
Medium
OSS Getting Hammered for BigCorp Failures
Everyone heard of log4j by now