Tweet / Twitter
https://twitter.com/theasf/status/1400875147163279374
Volkan Yazıcı on Twitter: "Log4j maintainers have been working sleeplessly on mitigation measures; fixes, docs, CVE, replies to inquiries, etc. Yet nothing is stopping people to bash us, for work we aren't paid for, for a feature we all dislike yet needed to keep due to backward compatibility concerns." / Twitter
https://twitter.com/yazicivo/status/1469349956880408583
Canarytokens
https://canarytokens.org
Log4j RCE CVE-2021-44228 Exploitation Detection · GitHub
https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b
Releases · NationalSecurityAgency/ghidra · GitHub
https://github.com/NationalSecurityAgency/ghidra/releases
BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC · GitHub
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
GitHub - mubix/CVE-2021-44228-Log4Shell-Hashes: Hashes for vulnerable LOG4J versions
https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes
us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf
https://www.blackhat.com/docs/us-16/materials/us-16-Munoz-A-Journey-From-JNDI-LDAP-Manipulation-To-RCE.pdf
GreyNoise Log4Shell Payloads · GitHub
https://gist.github.com/nathanqthai/01808c569903f41a52e7e7b575caa890
GitHub - cube0x0/noPac: CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
https://github.com/cube0x0/noPac
Aleksey Shipilëv on Twitter: "Sending hugs to Log4J people. This must be an extraordinarily shitty Friday for them." / Twitter
https://twitter.com/shipilev/status/1469327572781744132
Incredible RCE (Struts2 ft Log4j2) - YouTube
https://www.youtube.com/watch?v=D-TwQRoX6Fk
The Cyber Startup Observatory - The Global Cyber Innovation Network
https://cyberstartupobservatory.com
Log4j – Apache Log4j Security Vulnerabilities
https://logging.apache.org/log4j/2.x/security.html
Canarytokens
https://canarytokens.org/generate#
Log4Shell: RCE 0-day exploit found in log4j, a popular Java logging package | LunaTrace
https://www.lunasec.io/docs/blog/log4j-zero-day/
Extremely Critical Log4J Vulnerability Leaves Much of the Internet at Risk
https://thehackernews.com/2021/12/extremely-critical-log4j-vulnerability.html
GitHub - YfryTchsGD/Log4jAttackSurface
https://github.com/YfryTchsGD/Log4jAttackSurface
sAMAccountName spoofing - The Hacker Recipes
https://www.thehacker.recipes/ad/movement/kerberos/samaccountname-spoofing
Statement from CISA Director Easterly on “Log4j” Vulnerability | CISA
https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability
active-scan-plus-plus/activeScan++.py at master · PortSwigger/active-scan-plus-plus · GitHub
https://github.com/PortSwigger/active-scan-plus-plus/blob/master/activeScan++.py
CVE-2021-44228 - Log4j 2 Vulnerability Analysis - Randori Attack Team
https://www.randori.com/blog/cve-2021-44228/
Apache Logging Services
http://logging.apache.org/
Florian Roth on Twitter: "Please don't send me any more evasion methods. I have given up trying to cover all of them. It's pointless. No reasonable regex could ever cover them all. I'll focus on other things now. Breakfast, for example." / Twitter
https://twitter.com/cyb3rops/status/1469603836826431489
GitHub - Cybereason/Logout4Shell: Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell
https://github.com/Cybereason/Logout4Shell
Apache Log4jの任意のコード実行の脆弱性(CVE-2021-44228)に関する注意喚起
https://www.jpcert.or.jp/at/2021/at210050.html
Mick Douglas 🇺🇦🌻 on Twitter: "Just got off phone with a client. Log4j is in their network. Vendor claims patch will be available next release... which is multiple months from now. Here's what you do if you're in this situation. 1. Keep calm. There's no need to panic. 2. Carefully read this thread. 1/?" / Twitter
https://twitter.com/bettersafetynet/status/1469470284977745932
The Week in Ransomware - December 10th 2021 - Project CODA
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-10th-2021-project-coda/
Filippo Valsorda on Twitter: "This is the maintainer who fixed the vulnerability that's causing millions(++?) of dollars of damage. "I work on Log4j in my spare time" "always dreamed of working on open source full time" "3 sponsors are funding @rgoers's work: Michael, Glenn, Matt" People, what are we doing. https://t.co/2hAxUWCjuC" / Twitter
https://twitter.com/FiloSottile/status/1469441487175880711
Stefan Soesanto on Twitter: ""Top Excel experts will battle it out in an esports-like competition this weekend" ... you heard that right. https://t.co/ZfwvAJziMb" / Twitter
https://twitter.com/iiyonite/status/1469670138454679552
CVE-2021-44228 Apache Log4j RCE Attempts Dec 20th 9:27PM ET · GitHub
https://gist.github.com/gnremy/c546c7911d5f876f263309d7161a7217
SwitHak (👁) on Twitter: "🛡️BlueTeam CheatSheet * #Log4Shell CVE-2021-44228* | Last updated: 2021-12-11 0040 UTC ↘️ https://t.co/gamCpn8AmH" / Twitter
https://twitter.com/swithak/status/1469467786997121029
VMSA-2021-0028.13
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
GitHub - Neo23x0/log4shell-detector: Detector for Log4Shell exploitation attempts
https://github.com/Neo23x0/log4shell-detector
