#apache #log4j security vulnerabilities ,#cve-2021-44228 ,log4j #cve-2021-44228 ,#log4j #zero #day ,zero day ,log4shell ,log4j poc ,apache log4j vulnerabilities
Log4j is a logging library used by Apache products. Log4j is affected by CVE-2021-44228, which leads to a remote code execution vulnerability that can be exploited without authentication, making CVE-2021-44228 an unauthenticated RCE vulnerability.
Apache Log4j versions prior to 2.15.0 do not protect against attacker-controlled LDAP and other JNDI-related endpoints. When message lookup substitution is enabled, an attacker with control over log messages or log message parameters can execute arbitrary code loaded from LDAP servers. This vulnerability is also dubbed Log4Shell or LogJam.
Useful Links
Credit to https://github.com/Neo23x0
Credit to https://www.lunasec.io/docs/blog/log4j-zero-day/
SIGMA Rule available https://github.com/SigmaHQ/sigma/blob/master/rules/web/web_cve_2021_44228_log4j.yml
Convert it to your SIEM format (using uncoder.io)
https://uncoder.io/
A YARA rule is available to detect vulnerable components in your environment based on file hashes
https://github.com/Neo23x0/signature-base/blob/master/yara/expl_log4j_cve_2021_44228.yar
################################
Official Log4j release
https://logging.apache.org/log4j/2.x/
Vulnerability analysis by #Tenable (#Nessus)
https://www.tenable.com/blog/cve-2021-44228-proof-of-concept-for-critical-apache-log4j-remote-code-execution-vulnerability
List of vendor releases related to this vulnerability
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
Useful Reddit thread
https://www.reddit.com/r/blueteamsec/comments/rd38z9/log4j_0day_being_exploited/
Github POCs / #JNDI injection exploit
https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce
https://github.com/welk1n/JNDI-Injection-Exploit
#F5 #WAF response
https://support.f5.com/csp/article/K19026212
#List of Known Addresses that are distributing the malware
https://www.facebook.com/techvortex.official/photos/gm.1098875667525789/155821003435538/?type=3&theater
Chapters
00:00 introduction
00:35 understand the exploitation steps
03:10 How to fix Log4j vulnerability
05:23 Threat detection using SIEM & YARA Rules
08:50 Security best practices | How much security is enough
14:41 End of video and important note
Contact us
Telegram
https://t.me/techvortex
Facebook Group
https://www.facebook.com/groups/1012323126181044
Facebook Page
https://www.facebook.com/techvortex.official
This video is the result of hard work, dedicated time and preparation, and years of experience. Please like, subscribe and share, and tell us your comments.